Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians. Welcome to this demonstration on Azure Management Group.
00:04
This demonstration is part of the foot Madu off the Is that 500 Microsoft Azure Security Technologies, cars.
00:12
Quick information on the tax that'll be completing In this demonstration, I'll start out by creating a child management group. How their assigned permissions to manages access for the management group. How move a subscription into a child management group, review how to transfer the authentication trust office description and finally
00:31
review how to transfer the organization billing for his description.
00:35
Let's jump right into this.
00:38
So in the first ask, are we creating a child management girl?
00:42
He has a visual representation of what are between
00:45
the organization that I'm currently using already has the vote management group enabled.
00:51
However, I only have a single subscription on the debts.
00:54
How be created a child management group on that that food management group.
00:59
So here I am in the Aja Pato. If I glide and such for management's
01:03
and I click on management groups
01:07
now, you can see that the tenant foot management group has been enabled. If you're yet to enable that for your environment, you see the option to statues in management groups over here and just need to click on that so have already done that for my environment,
01:19
however, I only have a single subscription with no child management grip.
01:25
So how the child managed been group are quiet and click on the option to hard management group.
01:30
I went and create a new one
01:32
on for the management Group I D, which cannot be changed after creation. Out typing M G Dash one
01:38
from Management one
01:41
for the display name now used the exact same Finn. So just mg dash one on our guide and click on Safe.
01:47
So that took just a few minutes to create. So now I have my child management group
01:52
in the next task. How be assigning permissions to manage Devote management
01:59
Here is a visual representation off what are between
02:02
after we're never management group
02:05
by the false No. One as permissions. At the right level,
02:08
however, a global administrator in a giant E can assign themselves to the User Access Administrative Oh, at of wood management level,
02:19
this is something. Dash it on the big done for the initial configuration off the vote management group or in the case off on emergency. Where are the users and administrators are locked out?
02:30
So here I am. Back in the azure, Pato are wired and click on left hand side here, and I'll go ahead and click on Azure Active Directory.
02:39
Now the user that I'm logged in house David is a global administrator in this azure lady tenant.
02:46
What are we, Dean, is our go on the properties for the azure lieutenant
02:52
on other properties? If I scroll down the beats, you see the option that say's access management for azure resources
03:00
on If I guide and sets that option to Yes on, I go ahead and click seven. That's
03:05
that's going to grant permissions to David to be able to manage things at the vote management group level.
03:10
So if I go back to management groups now and I select that option and just give it a few minutes and after a few minutes, this option to manage the Route Management group that's currently great outs will be enabled and David and there you go, just refreshing that and I can go ahead and click on that option,
03:29
and I can manage things at the management level.
03:32
So in the next task. How be moving a subscription into a management group.
03:38
Aan s a visual presentation of what are between
03:42
this is the current Iraqi that I have. What are we doing? This our baby arranging that. So I have the root management group, a child management group on the debts, and I'll have my subscription under that child management group.
03:54
So here I am, back in the azure portal.
03:58
I have my route. Management grew up here, and I can see my child monitoring the group on my subscription are. Go ahead and click in front of the subscription Outlook on Move,
04:08
and I wired and change the parent management group for that subscription to empty one and I'll go ahead and click Save.
04:15
And once that updated, then I have the hierarchy that I should to you in the diagram.
04:21
So that's done soon. I've Vote Management Group that has a child management group on Under my child management group. I have my subscription, so that's good.
04:30
In the next task, I would actually be doing anything I'll just be reviewing which you out to transfer subscription authentication. Trust on what I mean by that is I want to move the Aggerated tenants that its execution currently trust toe another Zhu 80 talents.
04:47
So here I am back in the azure pato.
04:50
So the 1st 1 without do is how glad and click on Azure active directory
04:56
and you can see my azure A D tenant over here
05:00
on organization can have more than one as your A D tenant can actually go create another one and feeling this information for in new a joy to tenants
05:10
on a single user can create off 200 as your A D tenants.
05:15
So what are these? I won't go through this process. I was just quiet and click close and that
05:19
I currently have two as your a d tenants that have created for these organizations. So if I go ahead and refresh the screen
05:27
on our great and select start, you can see my two tenants over here.
05:31
What I'll be doing is I'll be switching my subscription from one tenants to another tenant. I would actually go through the process. I just want to show you how it works.
05:41
So to do that, if I go back to the dashboard, unlikely conscription.
05:46
I have my subscription there if I grade and select my subscription,
05:50
and I have the option to change the direct tricks if I go ahead and click on the, ah, front of Change the Directory.
05:56
So my subscription currently trusts this as your A D tenants as its directory,
06:01
I can switch that's to another as your lady tenant and click change, and that so that's gonna take quote a while. Just give it probably about 30 or so minutes to complete. But once it completed, that's going Teoh dissemble anymore based access control that we've configured for users that belongs to distant.
06:20
And we need to reconfigure of always access control for users that launched a new tenant. But that's how you do that process
06:28
in the final task off this demonstration are revealing our to transfer subscription organization building.
06:34
So here I am, back in the agile Potter are go ahead and close this option here,
06:40
so right in front of the change directory option have the option to transfer 1,000,000,000 ownership, however, if remember, when we're talking about the process to do this in the earlier lesson
06:50
but mentioned that this is no supported for free are just descriptions are open license. I just descriptions. If I go ahead and click on that, I get an error message that says my subscription is not supported because it's a free subscription.
07:02
So what I'll do is I'll go switch to another subscription
07:06
that I can use to just show you that option but wouldn't go through the process.
07:13
So here I am, in the Azure Pato for another, as your environment
07:17
and I have the option to transfer 1,000,000,000 ownership here. So if I go ahead and click on that option,
07:24
you consider that one needs to impute the recipient email address for the organization that I'm gonna be sent in. This, too
07:30
on. I mentioned in the previous lesson that whichever recipients that I put in here as to be a 1,000,000,000 administrator for the organization,
07:41
this is the option where you can choose toe, also move the subscription tenants or the authentication trust as part of that process. So that's a simple as that. So once you feel in the right email address on you, go ahead and send a transfer request. The recipient had mean we needs toe except to transfer request,
07:59
and they just go to the rest of the process at that point.
08:03
So here's a somebody off the task double completed in this demonstration,
08:07
I started by creating a child management group
08:11
without assigned permissions to manage the root management group. In a joy D.
08:16
We moved a subscription into a child management group.
08:20
We reviewed out of transfer I subscription not indication trust
08:24
and finally reviewed out of transfer my subscription organization building.
08:28
Thanks very much for watching this video, and I'll see you in the next lesson.

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor