Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Cybrarians. Welcome to this demonstration on Azure Key Vault.
00:05
This demonstration is part of the AZ-500 Microsoft Azure Security Technologies course.
00:13
Quick information on the activities that we'll be completing in this demonstration.
00:18
We'll start by first configuring role-based access control for Azure Key Vault.
00:23
We'll then configure an access policy for Azure Key Vault,
00:28
and finally we'll verify both role-based access control and access policy. Let's get right into this.
00:35
In the first task of this demonstration, I'll configure role-based access control for Azure Key Vault,
00:41
and here's a visual representation of what I'll be doing.
00:46
I have a key vault called Super Clouds KV.
00:50
I have a secret within it called Secret Password.
00:55
In the first task, I'll grant management plane access to the Azure AD user called Brenda so that she can view and manage the vault and also view usage information.
01:07
So here I am in the Azure portal.
01:11
If I go ahead and click on my key vault that I created here,
01:15
and within the key vault we have Access control.
01:19
If I go ahead and click on Access control,
01:23
and if I go ahead and click on Role assignments to view existing role assignments, you can see that only the user David has management plane access to this key vault.
01:32
So what I'll do is I'll go ahead and click on Add,
01:34
and I'll click on Add role assignment,
01:38
and I'll select the Key Vault Contributor role,
01:42
and I'll assign this to the user Brenda, and I'll go ahead and click Save.
01:49
And now that that is saved, you can see that Brenda now has Key Vault Contributor management plane access to this key vault.
01:57
So in the next task of this demonstration,
02:00
I'll configure an access policy for Azure Key Vault, and here is a visual representation of what I'll be doing. I'll grant data plane access to the Azure AD user called John so that John can view secrets in the key vault. I'll be configuring the access policy
02:20
to allow the Get and List operations for secrets in the key vault.
02:24
So here I am, back in the Azure portal, and I'm under the key vault that I have.
02:30
Now, on the left-hand side, we can see Access policies here, so that's where we grant data plane access. If I go ahead and click on Access policies,
02:38
I can see that only the user David currently has data plane access to this key vault. So if I go ahead and click on Add access policy,
02:47
now, to select the permissions that I want, I can go ahead and configure this using a template, or I can specify the permissions by myself. So what I'll do is I'll be specifying only access to secrets, and I will be specifying Get and List operations only.
03:04
For the principal, I'll go ahead and click on the option to select the principal,
03:09
and I'll go ahead and search for my user, John,
03:13
and I have John's account here. If I go ahead and select John
03:16
and I go ahead and click on Select,
03:19
now, if I go ahead and click on Add,
03:22
now it's added that, but it's not yet completed. Do not forget to click on the Save option here. But before I click on the Save option, I just want to mention a few things. So we mentioned, when we were reviewing Azure Key Vault in the last lesson, about advanced access policy,
03:39
and this is where we can configure those three use cases that we discussed.
03:44
I'll go ahead and just click Save on this, and once that is saved, now John has data plane access to view secrets in this key vault.
03:53
And in the final task of this demonstration, I'll verify both the role-based access control and access policy that we configured,
04:01
and here is a visual representation of what I'll be doing.
04:06
I'll verify that Brenda can view vault information using management plane access. However, Brenda should not be able to view any secret within the key vault. I'll also verify that John can view secrets in the key vault, but John should not be able to view
04:26
information about the key vault properties.
04:30
So here I am, back in the Azure portal. This time around, I'm logged in as Brenda on this browser tab, and I'm logged in as John on another browser tab over here.
04:40
So let's verify if Brenda can view the key vault management plane.
04:46
If I go ahead and click on Subscriptions,
04:49
we can see that Brenda can view the subscription, and Brenda has resource access. So if I go ahead and click on the subscription
04:57
and I go ahead and select Resources,
05:00
now, Brenda can only view the resource that she has permissions to. So if I go ahead and select that resource,
05:06
and if I go ahead and click on Properties, you can see that Brenda can view the properties of this key vault. If I go ahead and click on Access policies, you can see that Brenda can review and even modify the access policy for this key vault, because the permission that we granted allows her to do that.
05:26
However, if I go ahead and click on Secrets,
05:30
we get a message that says Brenda is not authorized to view secrets. So that looks to be working.
05:35
We have true role separation: management plane access only, without data plane level access.
05:43
So let's go to confirm the same thing on the side of John. So here I am in a shell window, logged in as John.
05:50
To verify that John can access the data plane and view secrets in the key vault, I'll be using the command line, and I'll be running this command:
06:00
az keyvault secret show,
06:02
the name of the secret that I have, which is called Secret Password,
06:06
and the name of the key vault. So if I go ahead and run that,
06:12
you can see that John can retrieve the value of this secret within the key vault.
06:17
However, if I switch over to the Azure portal
06:20
and I'm currently on the subscriptions. If I go ahead and refresh that,
06:26
John cannot even view any subscription because John doesn't have management level access to any resource in Azure.
06:33
So here's a summary of the activities that we completed in this demonstration.
06:39
We started by configuring role-based access control for Azure Key Vault.
06:44
We then configured an access policy for Azure Key Vault,
06:47
and we verified role-based access control and access policy that we configured for the two users that we tested with.
06:56
Thanks very much for watching and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

David Okeyode
Cloud Security Architect
Instructor