The best way to become efficient with Azure is to get hands-on experience to test your skill set. This chapter will test the skills you acquired in the first four chapters. The labs in this chapter are referencing the official Microsoft Learning labs on GitHub.
In brief, the following lab sections are required to be completed:
- Managing Azure Active Directory identities
- Managing subscriptions and RBAC
- Managing governance via Azure Policy
Technical requirements
To follow this chapter hands-on, you will need access to an Azure Active Directory (AD) tenant as a global administrator. If you do not have access to one, students can enroll with a free account: https://azure.microsoft.com/en-in/free/.
An Azure subscription is also required; you can either register with your own credit card or enroll for the free $200 one-off credit by using the following link: https://azure.microsoft.com/en-us/free/.
An Azure AD Premium P1 license is also required for some of the sections; luckily, there is also a free trial for one month: https://azure.microsoft.com/en-us/trial/get-started-active-directory/.
Important Note
Even though the labs are in GitHub, no GitHub account is required to access the labs.
Managing Azure AD objects
The following is the link to the official Microsoft learning GitHub labs, which will guide you through each task step by step for managing Azure AD objects:
Lab scenario one
You are the administrator of an organization and have been instructed to provision users and groups within Azure AD.
This lab scenario consists of four different lab tasks with an estimated time of 30 minutes to complete, which are described as follows:
- Task one: Create and configure Azure AD users.
- Task two: Create Azure AD groups with assigned and dynamic memberships.
- Task three: Create an Azure AD tenant.
- Task four: Manage Azure AD guest users.
After you have completed the labs, you can remove the resources created.
Note
It is best practice to remove unused resources to ensure that there are no unexpected costs, even though resources created in this lab do not incur additional costs.
Now that we have practically learned how to create users and groups within Azure AD, let’s next have a look at how to implement Role-Based Access Control (RBAC).
Managing RBAC
The following is the link to the official Microsoft learning GitHub labs, which will guide you through each task step by step for managing RBAC:
Lab scenario two
You are the administrator of an organization and have been instructed to improve the management of Azure resources; you need to implement the following:
- Creating a management group that includes all Azure subscriptions
- Granting permissions to submit support requests for all subscriptions in the management group to a specific Azure AD user
This lab scenario consists of three different lab tasks with an estimated time of 30 minutes to complete:
- Task one: Implement management groups.
- Task two: Create custom RBAC roles.
- Task three: Assign RBAC roles.
After you have completed the labs, you can remove the resources created.
