Hello, Siberians. Welcome to this demonstration video titled As Your Heady Identity Management.
This lesson is part of the second model off the Is that 500 Microsoft Azure Security technologies costs
quick information on the tasks that are between you in this demonstration.
How stuck out by showing you out review. You are Joe Haiti addition on the features that your license to use.
How don't show you how to create as your Haiti users and groups is in different metals.
How created Dynamic User group with dynamic membership throat.
How Assigning user 20 Jahidi Administrative Oh,
how a sign as your resource roles to users and groups
how. Then conclude by creating an application registration,
assigning delegated permissions to heats
on, granting administrative consent for the permission.
Let's get into these.
The 1st 1 out, though, is I assure you out review You enjoyed the addition on the features that you're licensed years.
Our host show you out upgrade from a free addition to try out for me MP to addition.
Here I am in the azure Pato.
If I click on the left hand side over here, if I click on Azure Active directory,
I can see Madge or 80 addition displayed over here, so you can see I'm currently using Azure 80 Premium Peter.
However, if I want to review the information, even Father, I can click on licenses under left inside, and I can click on life since features
to review information off the features of them. License two years.
So here you can see how the different features on I can see if I'm licensed to use them.
If I wanted to sign up for your free trial off a premium pizza addition, I can click on the all products on. I can click on Try for Slash by,
and I can sign up for a free trial for it as a Haiti Premium P two or the Enterprise Mobility Sweets. If I so either off. This would give us as a Haiti premium Peter
in the nest. Ask how be showing you how to create users and groups using different methods?
Yes, official representation off. What are we, Dean Fast. Our creates three new users. She's in the azure Pato as your cli on azure. Partial.
How don't create in new assigned group called Cloud Architect on our heart to uses into the grip on back in the azure Pato
If I click on my azure A d tenants name on the left hand side over here I can go on the uses and I can click on New user Had a top here.
How fitting the information for my user
for the password. Our leave their sets toe auto generates I can click on Show the password and making not off this password
for now. How lived the groups and those
for the usage location Our type United Kingdom
How freedom the job information for this user
How? Click on create
So this creates a user called Bring the tower in the azure He d tenants,
Thanks for now show you outer creates to audit Jesus using azure cli on as your partial.
To do that out, click on cloud shell in the top right corner over here
If you're prompted to create a new storage account, if this is your first time off using cloud shower, just go ahead and click OK to that.
So right now I'm in the azure cloud shell on our pasting the commands to create a new user.
So he has the command to create a new user
that is e a d user creates, I specified, displaying him for the user. The password.
The use of principle Name on if I want to force the user to change the password on next login and also the male nickname
for Glide and first entered that
that creates two user
next one without the assure you out to create a user using as your partial. So switched this from cash to partial and I'll click on confirm
in the azure. Partial up from the 1st 1 I'll Do is I'll connects to Azure Haiti.
Now go ahead and specify the password profile that I'll be using for this user.
So here I'm creating a new object with the type of myself that opened that azure Haiti that model, that password profile
and one hour days. I'll specify the password within the profile.
The final friend out there here is how used the new Azure 80. Use a command. Let two creates the new user
so here specifying the new as your 80 user,
the display name of these er the password profile the user principal name. If the account is enabled
The mill nickname on the usage location for the user
for great and press enter to, That's
that's creates two new either. So what I'll do is I'll go ahead and closed the cloud shell.
If I refresh the screen,
I can see that M A crime has been created, and within a few seconds, I expect to see
John Lake sites account also showing here on the screen. So here we go Johnson County, Shane up. Now,
if I go back to Super Clouds, the next one I'll do is I'll create a new group. On fact, click on new group.
Name of the group will be called Cloud Architect. How gave it a description Off Cloud Architect It's
and for membership type, I'll specify Assigned for now for the members, I can click on members to select two new members for type in Grender
on directly Consul ECT. On. If I click on Create Stock, who hits the new group with you to new members in the next task, I'll show you how to create a dynamic user group in Nigeria. Haiti. Yes, a visual representation off what I'll be showing you
how create a group called London uses
with a dynamic membership through that automatically had any user who has a stay attribute that contains London. I'm back in the azure Pato. If I go back to groups,
I can click on new group and then I can give the group and name off London users
for the membership type out changed it from a scientist Dynamic Easa.
You can see that I can either have a dynamic is our dynamic device Group by cannot have a single dynamic group that contains uses and devices.
I'll click on the hard dynamic Web It so hard a query
where the city attributes off. The user
and you can see what the votes in tax looks like.
So one of the things to mention is that you have different operators here, where contentious means that the strength of them specifying must exist. I can also use something like match to specify wildcat way. It's gonna match a particular pattern that I'm specifying If I click, save and that
and if I click creates
one, that means peace. Any time I created new User
and I specify their city attributes to be London, other contents. London They will be automatically a hard day's to this group
on if I removed that property or that attribute from the user and user removed from this group
in the next task. How assuring you out to assign on Azure 80 administrative role to a user.
Now notice that I did know include groups because unfortunately, Onley users can be assigned to an azure 80 at Minimal.
Here's a visual representation off What are between you
when I created users earlier,
their whole just uses in azure Haiti,
if I want to grants to users administrative privileges in a joy ity itself after assigned the users toe as your 80 administrator roles
in this task of your signing Brenda to the global administrative Oh,
which means that she has full access to the tenants.
This is a road that would want to use very sparingly. Actually, Microsoft recommends not more than five global administrators in a tenant
on the identities that I global administrators should be well protected.
So back in the your Pato, if I click on the left inside and I go back to Magic Haiti Tenant,
if I click on the uses and I select Brenda.
If I click on the sign, those I can click on Add assignment
and I can specify one off the butte in votes Toe assigned to bring their
so devoted they want is Global Administrator, which gives full access if I go ahead and click on Global Administrator. And if I click on hard,
what is does is it assigns a row to bring the for the actual Haiti tenant itself in the next task. RB sharing you out to assign. As a service, Saas falls to users and groups. Yes, official representation off what are between in order to give my newly created as your Haiti users
permissions to a jury sauces.
How be assigning them toe have back rows in my job description.
Our start. By signing the owner, go to the Cloud Architect group that I created earlier.
How do L a ST John to the contributor row for the azure subscription
back in the azure Pado? If I click at the very top here and set for subscriptions,
if I click on subscriptions
and you can see that I have a single subscription called Super Cloud Prod.
If I click on that subscription,
I can click on the access control high him
and I can click on hard
and click on wall assignment.
I can specify the Azure Resource Audio Zhou Hao back row that I want to assign in this place. Owner on us pacified the azure Haiti User Group of service principle that I want to a scientist Vogtle, in this case, the Cloud Architects Crip Fig wide and click Save
that's going to apply devil assignment. If I click on the Vaal assignments,
I'll be able to verify the Cloud architect as on a permissions. I'll go back and click on Hard and I'll click on Hardball assignments this time around are be assigning a contributor. Oh, so these are called John
and I'll click on Save
and that's going to assign the vote. John on this is a separate full from the Azure 80 Administrator. Oh, this will up life. So I just descriptions and the resources within them
and the final service off tasks. How be doing Tree tings
fast are created and agile. Haiti Application Registration in the Azure Pado,
our signed delegated permissions to the hub
Hanau Grant Administrative consent for that permission.
Yes, official representation of what I'll be Dean
first, our create an application registration called Costume Hap. How then assigned delegated permissions to allow they have to read and write on all user profiles in Azure Haiti. Finally, our grand consent for that permission as an administrator
back in the azure Pato. If I click on the left hand side and go back to Azure Active Directory,
how click on the application registrations on I'll click on new registration, in this case are specified the name of my application called Custom Hat.
I can specify whether this is going to be for my organization to victory only or if it's going to be more detainment. In this case, I would just live with us, my organization homely.
This is where I can specify David directional life or off to authentication scenarios. If I'm using Web or even mobile applications,
it makes sense to specify the redirect you of I
so that once the talking has been granted, users can be redirected to the happen. In this case, I'll leave. This is empty, are quiet and click on register have to create in the half we get on application or client Heidi. This is something that will be needing if we want to authenticate as this happened,
how just making not of it
the next one. That out, though, is are assigned delegated permissions to these application
so that this application can hacks on behalf off users that authenticates to hit.
To do that, our click on a P I permissions
and I can see that this is the fourth permission that was granted, called user dot read to the Microsoft graph AP High,
and this allows delegated permission to be able to sign in and videos of Forfar.
How does extend this a bit?
How? Click on a Microsoft graph
and how screwed right down to where we have uses on 100 that out. Click on user Vihd
on Right for Hall four Force. So if I go ahead and click on that and I'll click on object permissions
so once I've done that assigns the permission. But then I need to grant consent for the permission that I just added. To do that, I can click on grant admin consent for super Clouds
on it asked me if I want to grant consent for the requested permission,
my guide and click Yes,
he can see that it now shows the status off the permissions As granted.
Here are some quiz questions really, that the tasks that we completed in this demonstration video
the company has on a joy D tenants named Test Cloud of X y Z.
The company is developing an application named H of Hap.
They have proven as a service on a sever, and we'll hot indicates to test cloud of X Y Z toe digit directory data via mikes. Off graph
units two delegates The minimum required permissions to the h of hap,
which to reaction should you perform in sequence from the azure Pato
select in the right order.
The first step to do is to create an application registration in azure Haiti.
Then, after that, will be heading an application permission.
This will not be a delegated permission because in this case, the application is running as a service as a demon
on a sever. In other words, this is not something that can
use delegated permissions on behalf off locked in Jesus.
So that would be application permission. If you remember from the last lesson
and finally will grant consent for the permission that was assigned to the application
Quiz. Question Number two.
The company has on azure subscription named Sub one that is associated to an azure 80 tenant named Light Bob. The X y Z.
The company develops in mobile application. Named up one
Have one uses the off to implicit grand type to acquire as your Haiti access tokens.
It needs to register help one. In Azure Hedy.
What information should you obtain from the developer to register the application?
If you select that every div Actually, you would be correct if you remember when I was creating the application registration Hey earlier were given an option to specify if it the vacuum awry where users will be redirected toe after talking. Za Granted, that concludes this demonstration video.
Thanks very much for watching and I'll see you in the next lesson.