If you are reading this text, it’s likely that you are interested in the Azure Cloud environment.
To land a job as a DevOps Engineer or Cloud Architect in an Azure environment, it is very important to pass the AZ-104 exam and become a certified Microsoft Azure Administrator, which many companies require.
For more details about the exam, visit: https://learn.microsoft.com/en-us/certifications/exams/az-104/
So, let’s get started!
Entra ID (formerly known as Azure AD)
Entra ID is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources.
Entra ID takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.
Entra ID licenses:
- Free: MFA, SSO, Basic Security and Usage Reports, User Management
- Office 365 Apps: Company Branding, SLA, Two-Way Sync between On-Premises and Cloud
- Premium 1: Hybrid Architecture, Advanced Group Access, Conditional Access
- Premium 2: Identity Protection, Identity Governance
Entra ID can authorize and authenticate to multiple sources:
- To your on-premises AD
- To your web application
- Allow users to log in with their Identity Provider (IdP), e.g., Facebook or Google
- To Office 365 or Azure Microsoft
Active Directory Terminology:
Domain
A domain is an area of a network organized around a single authentication database.
An Active Directory (AD) domain is a logical grouping of AD objects on a network.
Domain Controller (DC)
A domain controller is a server that authenticates user identities and authorizes their access to resources.
Domain Computer
A domain computer is a computer that is registered with a central authentication database. It is considered an AD object.
AD Object
An AD object is a basic element of Active Directory, such as:
- Users
- Groups
- Printers
- Computers
- Shared folders
Group Policy Object (GPO)
A Group Policy Object is a virtual collection of policy settings. It controls what AD objects have access to.
Organizational Units (OU)
An Organizational Unit is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units.
Directory Service
A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. A Directory service runs on a Domain Controller.
Tenant
A tenant represents an organization in Entra ID.
A tenant is a dedicated Entra ID service instance.
A tenant is automatically created when you sign up for:
- Microsoft Azure
- Microsoft Intune
- Microsoft 365
Quiz: only one answer is correct for each question. You can find the correct answers at the bottom of this article.
Question 1:
What is Entra ID?
- A) A physical directory of all employees in a company.
- B) Microsoft’s cloud-based identity and access management service.
- C) A type of security system for the cloud.
- D) Microsoft’s on-premise active directory service.
Answer: B) Microsoft’s cloud-based identity and access management service.
Question 2:
What can Entra ID authorize and authenticate to?
- A) Only on-premise AD.
- B) Only web-applications.
- C) Only Azure Microsoft.
- D) Multiple sources such as on-premise AD, web-applications, and Azure Microsoft.
Answer: D) Multiple sources such as on-premise AD, web-applications, and Azure Microsoft.
Question 3:
What is a tenant in the context of Entra ID?
- A) A physical server storing an organization’s data.
- B) A virtual machine running in the Azure cloud.
- C) A dedicated Entra ID service instance representing an organization.
- D) A specific user within an Entra ID.
Answer: C) A dedicated Entra ID service instance representing an organization.
Azure Roles
Within Azure, there are 3 kinds of roles:
1. Classic Roles: These are subscription administrator roles, representing the original role system.
2. Azure Roles: This is an authorization system known as Role-Based Access Control (RBAC), built on top of Azure Resource Manager.
3. Entra ID Roles: Entra ID roles are used to manage Entra ID resources in a directory.
Identity and Access Management (IAM) allows you to create and assign roles to users.
Azure Roles (RBAC System)
Roles restrict access to resource actions (also known as operations). There are two types of roles:
- Built-in Roles: Roles managed by Microsoft. They are pre-created and read-only, ready for you to use.
- Custom Roles: These roles are created by you with your own custom logic.
Role Assignment
Role assignment is when you apply a role to:
- Service principal
- (User) group
- User
Classic Administrators is the original role system. It is recommended to use the new RBAC system whenever possible.
Classic Administrators have three types of roles:
- Account Administrator: The billing owner of the subscription. Has no access to the Azure portal.
- Service Administrator: Same access as a user assigned the Owner role at the subscription scope. Full access to the Azure portal.
- Co-Administrator: Same access as a user who is assigned the Owner role at the subscription scope.
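An added example, not part of the original article: a small audit that lists every principal (user, group or service principal) holding the Owner role at subscription scope, which is the access level the classic Service Administrator and Co-Administrator roles correspond to. It assumes input records shaped like the JSON output of `az role assignment list --all`; every value in the sample is constructed, and the check also covers management-group and root scopes, which the article does not discuss but which are inherited by subscriptions.

```python
# Constructed sample rows; field names follow `az role assignment list` output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"  # placeholder id

def _row(name, ptype, role, scope):
    return {"principalName": name, "principalType": ptype,
            "roleDefinitionName": role, "scope": scope}

SAMPLE = [
    _row("alice@contoso.example", "User", "Owner", SUB),
    _row("ci-deployer", "ServicePrincipal", "Owner", SUB),
    _row("ops-team", "Group", "Contributor", SUB + "/resourceGroups/rg-app"),
    _row("bob@contoso.example", "User", "Owner", SUB + "/resourceGroups/rg-app"),
    _row("platform-admins", "Group", "Owner",
         "/providers/Microsoft.Management/managementGroups/mg-root"),
]

BROAD_LEVELS = ("root", "management_group", "subscription")

def scope_level(scope):
    """Classify an Azure scope string by its level in the hierarchy."""
    parts = [p for p in scope.strip("/").split("/") if p]
    lowered = [p.lower() for p in parts]  # scope segments are case-insensitive
    if not parts:
        return "root"
    if lowered[:3] == ["providers", "microsoft.management", "managementgroups"]:
        return "management_group"
    if lowered[0] == "subscriptions":
        if len(parts) == 2:
            return "subscription"
        if len(parts) == 4 and lowered[2] == "resourcegroups":
            return "resource_group"
        return "resource"
    return "unknown"

def broad_owners(assignments):
    """Owner assignments at subscription scope or above, keyed by principal type."""
    found = {}
    for a in assignments:
        level = scope_level(a["scope"])
        if a["roleDefinitionName"] == "Owner" and level in BROAD_LEVELS:
            found.setdefault(a["principalType"], []).append((a["principalName"], level))
    return found

if __name__ == "__main__":
    for ptype, items in sorted(broad_owners(SAMPLE).items()):
        for name, level in items:
            print(f"{ptype:16} {name:24} Owner @ {level}")
```

Owner assignments held by service principals or large groups at these scopes are the ones to review first, since each is equivalent to a classic Co-Administrator.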
Here are a few important built-in Entra ID roles you should know:
- Global Administrator: Full access to everything.
- User Administrator: Full access to create and manage users.
- Billing Administrator: Can make purchases, manage subscriptions, and handle support tickets.
You can create custom roles, but you need to purchase either Entra ID Premium P1 or P2.
Quiz: only one answer is correct for each question. You can find the correct answers at the bottom of this article.
Question 4:
What are the three kinds of roles in Azure?
- A) Azure Roles, Classic Roles, RBAC Roles
- B) Classic Roles, Azure Roles, Entra ID Roles
- C) Custom Roles, Built-in Roles, Azure Roles
- D) Azure Roles, Entra ID Roles, User Administrator Roles
Answer: B) Classic Roles, Azure Roles, Entra ID Roles
Question 5:
Which of the following statements is true about Classic Administrator roles in Azure?
- A) The Service Administrator has limited access to the Azure portal.
- B) The Account Administrator is the billing owner and has full access to the Azure portal.
- C) The Co-Administrator has limited access compared to a user assigned the Owner role.
- D) The Service Administrator has the same access as a user assigned the Owner role at the subscription scope.
Answer: D) The Service Administrator has the same access as a user assigned the Owner role at the subscription scope.
Question 6:
What is necessary to create custom roles in Azure?
- A) Purchase of Entra ID Premium P1 or P2
- B) Full access to the Azure portal
- C) An active user account
- D) Special permission from Microsoft
Answer: A) Purchase of Entra ID Premium P1 or P2
Final thoughts
In this article, we’ve covered the basics of Entra ID and Azure Roles, provided key terminology and insights, and tested your knowledge with a quiz. By understanding these aspects of Azure, you’re well on your way to becoming proficient in Azure and potentially landing a job in the Azure environment.
We hope that you found this information helpful and that it clarified any questions you had. Stay tuned for more articles to further your understanding of Azure and other cloud technologies.
Follow IncreDevo blog and media – more lessons are about to come!
Microsoft also provides lessons for AZ-104:
https://learn.microsoft.com/en-us/training/paths/az-104-administrator-prerequisites/
Good job!