Tenant Management


Time
22 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
24
Video Transcription
00:00
>> In this lecture, we're going to be talking about
00:00
tenant management
00:00
>> and just generally what tenants are in Azure.
00:00
>> Like I said, learning objectives,
00:00
we want to understand how
00:00
Azure tenants work and what they are.
00:00
We're going to be breaking down
00:00
the Azure AD tenant structure,
00:00
and their relationship with subscriptions,
00:00
and what this all means to you.
00:00
Let's go ahead and get started.
00:00
What are tenants? It's a good place to start.
00:00
Azure tenants are basically
00:00
auto created upon the account setup.
00:00
They're basically what I like to think of as buckets
00:00
of users and groups
00:00
that you're going to be storing within Azure AD,
00:00
you can create several different types of tenants.
00:00
It's a way to organize large groups of
00:00
users and groups of users within Azure AD.
00:00
Ideally, the thought behind this is you
00:00
can manage like departments.
00:00
Let's say you have a large department of
00:00
users that are going to be using an Azure account,
00:00
a shared Azure account across an organization.
00:00
Let's say the tenant
00:00
is going to consist of like 50 users.
00:00
That might be small, but let's just say
00:00
that's the example that we're going to go for here.
00:00
You can use a tenant to bundle a group of people.
00:00
You can use a tenant to manage a group of
00:00
50 people and only allow
00:00
them certain access to particular resources.
00:00
You can break down the tenant into
00:00
more detailed buckets
00:00
>> and allow those smaller groups of people
00:00
>> or smaller pool of people
00:00
>> access to certain resources
00:00
>> or in times using the IAM solution and so forth.
00:00
>> They're going to be used to organize users and
00:00
groups and what they have access to,
00:00
and tenants have
00:00
a one-to-many relationship with subscriptions.
00:00
Let's talk a little bit about that more.
00:00
Here's the account lifecycle
00:00
of what happens when you set up an Azure environment.
00:00
You sign up for an Azure account,
00:00
then when you've done that,
00:00
you automatically are populated
00:00
>> with an Azure AD tenant.
00:00
>> It's just something that has to happen for you
00:00
to have an Azure account because
00:00
you're going to need an Azure AD service in order to
00:00
manage users and access to services in general.
00:00
What kind of permissions you're going to
00:00
be granting those users?
00:00
In order for all of that to take place natively,
00:00
you're just going to have at least one tenant.
00:00
You can build more if you need,
00:00
but you're just going to have
00:00
>> one right out of the gate.
00:00
>> You can create these things called Azure subscriptions,
00:00
which are used to contain
00:00
the Cloud services that belong to the tenant.
00:00
Two different ways of organizing your environment.
00:00
You have Azure tenant,
00:00
which manages and organizes
00:00
the users and what they have permission to,
00:00
and then you have Azure subscriptions,
00:00
which is a way of organizing
00:00
the actual Cloud services that are going to belong
00:00
>> to a particular team or particular department.
00:00
>> One way to think of this,
00:00
let's say you have an Azure tenant
00:00
for your entire development team.
00:00
Let's say your entire development team is 100 people,
00:00
but then you have lots of subscriptions.
00:00
You can have various teams.
00:00
Let's say you have 10 teams of 10 people
00:00
>> in that Azure tenant.
00:00
>> You can have 10 subscriptions.
00:00
You can have a subscription for one development project
00:00
only for their dev environments,
00:00
another subscription for their tests,
00:00
and another one for their production and so forth,
00:00
so you can break this up.
00:00
The reason why you want to do this,
00:00
>> is not only for security,
00:00
>> it's also for billing.
00:00
You can actually bill and
00:00
organize the usage of
00:00
the resources that are going to be utilized.
00:00
It's a good way to monitor for performance
00:00
>> and make sure that you're following the guidelines
00:00
>> that are set by your organization to make sure
00:00
>> that you're not overreaching that costs,
00:00
>> that you might need to be keeping an eye on.
00:00
Likely, you will.
00:00
>> This is a good way to keep an eye on that,
00:00
>> is by breaking it into
00:00
these smaller groups called tenants and subscriptions.
00:00
From there, to fulfill the graphic that I have here,
00:00
you're going to be deploying your Cloud services
00:00
within the Azure subscription.
00:00
There again, let's go to recap.
00:00
We're going to sign up for an account.
00:00
You're going to be auto configured Azure AD tenants,
00:00
and then you'll have Azure subscription
00:00
>> for your actual services which you'll be
00:00
>> deploying within that Azure subscription.
00:00
Another way to view this,
00:00
and we talked a little bit about this
00:00
earlier is that one-to-many relationship.
00:00
You have an Azure tenant,
00:00
you can't have multiple subscriptions
00:00
assigned to that Azure tenant.
00:00
What I have here are the icons
00:00
resembling various services.
00:00
This could be storage,
00:00
this could be compute or vice versa.
00:00
You can have all different kinds of
00:00
Azure services you assign to these subscriptions,
00:00
which are being managed by users
00:00
>> and groups within the Azure tenant.
00:00
>> This right here is going to
00:00
describe another way of looking at it.
00:00
Here, we want to not confuse you.
00:00
You have an Azure account,
00:00
this is obviously the correct way to do it.
00:00
You're going to have an Azure AD tenant,
00:00
and then you can have multiple subscriptions.
00:00
I want to make sure that this is clear
00:00
>> because I found this actually
00:00
>> confusing when I was learning about this myself online.
00:00
Some people tend to think, "Oh,
00:00
you can set up tenants within Azure subscriptions."
00:00
No, that's not the case.
00:00
Subscriptions go beneath the tenants
00:00
as you see here in this illustration, not here.
00:00
Tenants do not go to subscriptions,
00:00
they are not like that.
00:00
Tenants manage users and groups,
00:00
subscription manages services.
00:00
Subscriptions belong to the tenants.
00:00
Clear as mud.
00:00
This was a brief lesson.
00:00
But in this lesson, we covered
00:00
what tenants are and how they're used
00:00
>> to organize users, groups, and access
00:00
>> rights to services within your subscriptions.
00:00
Just to recap, tenants have
00:00
a one-to-many relationship with subscriptions.
00:00
Make sure you remember that
00:00
>> because going into the exam,
00:00
>> you may be asked that whenever
00:00
you hit identity questions,
00:00
so make sure you understand
00:00
the differences and how they work.
00:00
It's a good idea to go in there and play around.
00:00
Soon here and in this course,
00:00
you're going to be touching on a lab.
00:00
In that lab, you'll get an opportunity
00:00
to explore this a little bit further.
00:00
But I do encourage you to go out there
00:00
>> and set up your own account,
00:00
>> and try this on your own.
00:00
Once you feel comfortable with that,
00:00
let's go ahead and hop into the next lesson.