13. What you have to do with Azure for licensing
What is Azure enrollment?
14. Azure enterprise agreement
The Enterprise Agreement is designed for
organizations that want to license software and
cloud services for a minimum three-year period.
As of October 10, 2022 direct EA customers won’t be able to manage
their billing account in the EA portal. Instead, they must use the Azure
portal.
15. What you have to do with Azure for licensing
What is an Azure subscription?
16. Azure Account Hierarchy
Azure Enterprise
Department
Accounts
Subscriptions
https://ea.azure.com
https://account.azure.com
https://portal.azure.com
Resource groups
18. A role (role definition) is a collection of actions that the assigned
identity will be able to perform.
A role definition answers the question "what can be done?"
20. A security principal is an Azure object (identity) that can be assigned
to a role (e.g. users, groups or applications).
A security principal assignment answers the question "who can
do it?"
22. Scope is one or more Azure resources that the access applies to.
A scope assignment answers the question "where can it be
done?"
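How the three answers (what, who, where) combine into one access decision, as an added example that is not from the original slides. It is a simplified model: the role contents, principals and subscription ID are constructed, and real Azure RBAC also has deny assignments and data actions that are not modelled here.

```python
from fnmatch import fnmatchcase

# Constructed role definitions ("what can be done"). The names mirror Azure
# built-in roles, but the action lists are trimmed for illustration.
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete"],
    },
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed ID

# Constructed role assignments: (who, what, where).
ASSIGNMENTS = [
    ("alice@contoso.example", "Reader", SUB),
    ("ops-team", "Contributor", SUB + "/resourceGroups/rg-app"),
]


def _matches(action, patterns):
    # Action strings are compared case-insensitively; "*" is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def scope_covers(assigned, target):
    """An assignment at a parent scope is inherited by every child scope."""
    a, t = assigned.rstrip("/").lower(), target.rstrip("/").lower()
    # Require a "/" boundary so rg-app does not also cover rg-app2.
    return t == a or t.startswith(a + "/")


def is_allowed(principals, action, target_scope):
    """principals: the user plus every group the user is a member of."""
    for who, role_name, scope in ASSIGNMENTS:
        role = ROLES[role_name]
        if (who in principals
                and scope_covers(scope, target_scope)
                and _matches(action, role["actions"])
                and not _matches(action, role["not_actions"])):
            return True
    return False
```
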
31. Azure Active Directory
Cloud-based identity provider
Controls access to Azure resources
Provides authentication and authorization services to the Azure portal, Microsoft Office 365 and other
SaaS services
Manages devices using Azure AD
Supports the OAuth, OpenID, SAML and ADFS authentication protocols
34. Azure Multi-Factor Authentication
Multi-factor authentication is a process in which users are prompted during the
sign-in process for an additional form of identification, such as a code on their
cellphone or a fingerprint scan.
Supports the following authentication methods:
Microsoft Authenticator app
OATH hardware token
SMS
Voice call
35. Self-Service Password Reset
Azure Active Directory (Azure AD) self-service password reset (SSPR) gives
users the ability to change or reset their password, with no administrator or
help desk involvement.
Password change
Password reset
Unlock Account
36. Azure AD B2B
Azure Active Directory (Azure AD) B2B collaboration is a feature within External
Identities that lets you invite guest users to collaborate with your organization.
A simple invitation and redemption process
lets partners use their own credentials to
access your company's resources. You can
also enable self-service sign-up user flows to
let external users sign up for apps or
resources themselves.
37. Azure AD B2C
Azure AD B2C is a Customer Identity and Access Management (CIAM) solution
that lets you build user journeys for consumer- and customer-facing apps.
With Azure AD B2C, customers can sign in
with an identity they've already established
(like Facebook or Gmail). You can
completely customize and control how
customers sign up, sign in, and manage
their profiles when using your applications.
38. Azure AD B2B vs B2C
B2B collaboration - Collaborate with external
users by letting them use their preferred identity
to sign in to your Microsoft applications or other
enterprise applications
Azure AD B2C - Publish modern SaaS apps or
custom-developed apps (excluding Microsoft
apps) to consumers and customers, while using
Azure AD B2C for identity and access
management.
39. Azure AD Connect
Azure AD Connect is an on-premises Microsoft
application that's designed to meet and
accomplish your hybrid identity goals. Azure AD
Connect provides the following features:
Password hash synchronization
Pass-through authentication
Federation integration
Synchronization
Health Monitoring
40. Password hash synchronization
Password hash synchronization is an extension to the directory synchronization feature
implemented by Azure AD Connect sync. You can use this feature to sign in to Azure AD
services like Microsoft 365. You sign in to the service by using the same password you use
to sign in to your on-premises Active Directory instance.
41. Pass-through Authentication
Azure Active Directory (Azure AD) Pass-through Authentication allows your users to sign in
to both on-premises and cloud-based applications using the same passwords. This feature
provides your users a better experience - one less password to remember, and reduces
IT helpdesk costs because your users are less likely to forget how to sign in.
44. Health Monitoring
Azure Active Directory (Azure AD) Connect Health provides robust monitoring of your on-premises identity
infrastructure. It enables you to maintain a reliable connection to Microsoft 365 and Microsoft Online
Services. This reliability is achieved by providing monitoring capabilities for your key identity components.
Also, it makes the key data points about these components easily accessible.
45. Azure AD vs Azure AD DS vs On Prem ADDS
Feature | Azure AD | Azure AD Domain Services | On-Prem ADDS
Authentication | OAuth/OpenID Connect/WS-Federation | Kerberos and NTLM protocol | Kerberos and NTLM protocol
Object Policy Management | Mobile Device Management (MDM) software like Intune | Group Policy | Group Policy
Communication | HTTP & HTTPS | LDAP | LDAP
Structure | Flat / no forest-domain hierarchy | Single domain / OU structure possible with limitation | Forest multidomain hierarchy / OU structure possible
Schema | Schema modification not possible | Schema modification not possible | Schema modification is possible
47. Governance In Azure
Governance in Azure is one aspect of Azure Management (Framework)
Azure has many services and tools that work together to provide complete management.
These services aren't only for resources in Azure, but also in other clouds and on-premises.
Governance in Azure is primarily implemented with two services.
Azure Policy allows you to create, assign, and manage policy definitions to enforce rules for your resources.
Azure Cost Management allows you to track cloud usage and expenditures for your Azure
resources and other cloud providers.
Why Azure governance?
Organize and structure resources
Standardize and define
Transparency of resources
Control access & cost
Enforce policies
48. Azure Policy
Allows you to create, assign and manage policies
Runs evaluations and scans for non-compliant resources
Advantages: enforcement and compliance, applying policies
at scale, remediation
50. Implementing Azure Policy
Implementing policies from GitHub
Policies are written in JSON
Create a custom policy definition
Include one or more policies
Requires planning
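What a JSON policy rule and a compliance scan look like in practice, as an added example that is not from the original slides. The rule (held here as a Python dict in the policy "if"/"then" shape), the tag name costCenter and the resources are constructed, and the evaluator is a small stand-in that understands only allOf, anyOf, not, equals and exists.

```python
# Constructed custom policy rule: deny storage accounts without a costCenter tag.
POLICY_RULE = {
    "if": {"allOf": [
        {"field": "type", "equals": "Microsoft.Storage/storageAccounts"},
        {"field": "tags['costCenter']", "exists": "false"},
    ]},
    "then": {"effect": "deny"},
}

# Constructed resource inventory to scan.
RESOURCES = [
    {"name": "stlogs01", "type": "Microsoft.Storage/storageAccounts",
     "tags": {"costCenter": "1234"}},
    {"name": "sttemp02", "type": "Microsoft.Storage/storageAccounts", "tags": {}},
    {"name": "vm-web", "type": "Microsoft.Compute/virtualMachines"},
]


def _field(resource, name):
    # "tags['x']" addresses one tag; anything else is a top-level property.
    if name.startswith("tags['") and name.endswith("']"):
        return resource.get("tags", {}).get(name[6:-2])
    return resource.get(name)


def _holds(cond, resource):
    if "allOf" in cond:
        return all(_holds(c, resource) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(_holds(c, resource) for c in cond["anyOf"])
    if "not" in cond:
        return not _holds(cond["not"], resource)
    value = _field(resource, cond["field"])
    if "equals" in cond:
        return str(value).lower() == str(cond["equals"]).lower()
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    raise ValueError(f"unsupported condition: {cond}")


def evaluate(rule, resource):
    """Return the rule's effect if the resource matches the 'if' block, else None."""
    return rule["then"]["effect"] if _holds(rule["if"], resource) else None


def scan(rule, resources):
    """Names of resources the rule would act on (the non-compliant ones)."""
    return [r["name"] for r in resources if evaluate(rule, r) is not None]
```
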
52. Resource Tag
Azure resource tags logically organize
resources.
You apply tags to your Azure resources giving
metadata to logically organize them into a
taxonomy. Each tag consists of a name and a
value pair.
56. Azure Storage
The Azure Storage platform is Microsoft's cloud storage solution for modern data storage
scenarios. Azure Storage offers highly available, massively scalable, durable, and secure
storage for a variety of data objects in the cloud. Azure Storage data objects are accessible
from anywhere in the world over HTTP or HTTPS via a REST API.
57. Azure Storage Service
Azure Blobs: A massively scalable object store for text and binary data. Also includes
support for big data analytics through Data Lake Storage Gen2.
Azure Files: Managed file shares for cloud or on-premises deployments.
Azure Queues: A messaging store for reliable messaging between application
components.
Azure Tables: A NoSQL store for schemaless storage of structured data.
Azure Disks: Block-level storage volumes for Azure VMs.
58. Azure Blob Storage
Unstructured storage for storing objects
Stores images, videos, and files of any type
Use cases: streaming video and images directly
to users; storing data for backup and restore,
disaster recovery, and archiving; storing data
for analysis by an on-premises or Azure-hosted
service.
59. Azure Files
Easy way to create file shares
Supports SMB 2.1 and 3.0
Mount on Windows, Linux, or Mac
Azure File Sync can be utilized to sync an
on-premises file server with Azure Files
60. Azure Table Storage
Azure Table storage is now part of Azure Cosmos
DB. In addition to the existing Azure Table storage
service, there is a new Azure Cosmos DB Table API
offering that provides throughput-optimized
tables, global distribution, and automatic
secondary indexes.
A NoSQL key-value store
Schemaless design
Structured or unstructured data
Access using the OData protocol and LINQ queries
WCF Data Services .NET libraries
61. Queue Storage
Queue storage gives you asynchronous message
queueing for communication between application
components, whether they are running in the
cloud, on the desktop, on-premises, or on mobile
devices.
62. Disk Storage
Azure managed disks are block-level storage
volumes that are managed by Azure and used with
Azure Virtual Machines. Managed disks are like a
physical disk in an on-premises server but,
virtualized
64. Azure Storage Replication Explained
LRS (Locally Redundant Storage) ensures your data is replicated three times within a single
datacenter. These datastores are updated using synchronous writes to guarantee all three
copies are kept up to date.
65. Azure Storage Replication Explained
ZRS (Zone Redundant Storage) copies your data synchronously across three Azure availability
zones in the primary region. For applications requiring high availability, Microsoft recommends
using ZRS in the primary region, and also replicating to a secondary region.
66. Azure Storage Replication Explained
Geo-redundant storage (GRS) brings additional redundancy to the data storage over both LRS and
ZRS. Along with the three copies of your data stored within a single region, a further three
copies are stored in the twinned Azure region.
67. Azure Storage Explorer
Upload, download, and manage Azure Storage blobs, files, queues, and tables, as well as Azure
Data Lake Storage entities and Azure managed disks. Configure storage permissions and access
controls, tiers, and rules.
68. Understanding AzCopy
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage
account.
69. Managing Access : Container Permission
A shared access signature (SAS) provides secure delegated access to resources in your storage
account. With a SAS, you have granular control over how a client can access your data.
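The granular controls of a SAS live in its query parameters, so a token can be reviewed before it is handed out. This added example, which is not from the original slides, audits two constructed SAS URLs; the account name, sig values, the fixed "current time" and the 7-day lifetime threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qs

# Constructed SAS URLs; account name, paths and sig values are placeholders.
BROAD = ("https://examplestore.blob.core.windows.net/backups"
         "?sv=2021-06-08&sr=c&sp=rwdl&se=2030-01-01T00:00:00Z&sig=PLACEHOLDER")
TIGHT = ("https://examplestore.blob.core.windows.net/backups/report.pdf"
         "?sv=2021-06-08&sr=b&sp=r&st=2024-05-01T08:00:00Z"
         "&se=2024-05-01T09:00:00Z&spr=https&sip=203.0.113.10&sig=PLACEHOLDER")
NOW = datetime(2024, 5, 1, 8, 30, tzinfo=timezone.utc)  # constructed "current time"


def _parse_time(value):
    """SAS times are ISO 8601 UTC, with or without a time part."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%MZ", "%Y-%m-%d"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time: {value!r}")


def audit_sas(url, now, max_lifetime=timedelta(days=7)):
    """Return finding codes for one SAS URL; an empty list means nothing flagged."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if "sig" not in q:
        return ["not-a-sas"]
    findings = []
    # sp = signed permissions; anything beyond read (r) and list (l) is flagged.
    extra = sorted(set(q.get("sp", "")) - set("rl"))
    if extra:
        findings.append("perm-beyond-read:" + "".join(extra))
    # se = signed expiry; absent when a stored access policy supplies it.
    if "se" in q and _parse_time(q["se"]) - now > max_lifetime:
        findings.append("long-lived")
    # spr = allowed protocols; when omitted, both HTTPS and HTTP are accepted.
    if q.get("spr", "https,http") != "https":
        findings.append("http-allowed")
    # sip = allowed source IP address or range.
    if "sip" not in q:
        findings.append("no-ip-restriction")
    return findings
```
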
74. Availability options for Azure Virtual Machines
Availability Zones
Virtual Machines Scale Sets
Availability Sets
75. Availability Zones
Availability zones expand the level of control you have to maintain the availability of the
applications and data on your VMs. An Availability Zone is a physically separate zone, within an
Azure region. There are three Availability Zones per supported Azure region.
76. Virtual Machines Scale Sets
Azure virtual machine scale sets let you create and manage a group of load balanced VMs. The
number of VM instances can automatically increase or decrease in response to demand or a
defined schedule.
77. Availability Sets
An availability set is a logical grouping of VMs that allows Azure to understand how your
application is built to provide for redundancy and availability.
78. What does an Availability Set consist of?
An availability set consists of logical groups that protect the VMs against hardware failures and
also allow back-end updates to be applied safely without affecting the performance of your
deployed IaaS VMs. These are grouped as Update Domains and Fault Domains.
Update Domains: Local grouping of underlying Azure hardware that can be maintained or
rebooted at the same time.
Fault Domains: Local grouping of underlying Azure hardware that shares the same hardware
such as networking and power supplies.