Transcript

http://www.dushyantgill.com/blog/contact
[Slide: Managed Identity. Diagram of Azure Active Directory holding several user identities (the e-mail addresses are obfuscated as [email protected] in this extract) next to resources, each labelled with an "Owner = <user>" assignment pointing back at an Active Directory identity.]
[Slide: Managed Identity. Diagram: on-premises Active Directory syncs Users & Groups into Azure Active Directory, which holds the Roles and Role Assignments. Azure AD fronts the targets of that access: 2500+ pre-integrated SaaS apps, Microsoft Online Services, Microsoft Azure IaaS/PaaS and the company's in-house developed cloud apps (the latter shown with "Owner = <user>" assignments). A consumer account, prospectivecustomer@live.com, is shown as an external identity granted access.]
Capabilities listed on the slide:
• Role-Based Access Control
• Self-Service Groups Management
• B2B Access Management
• Conditional Access (MFA, Device Health, Network)
• Attribute Based Access Control
• Managed Access to Daemon Services
• Secure Sharing with Consumer Accounts
• Self-Service Password Management
[Slide: Azure Role-Based Access Control. Diagram of the scope hierarchy: a Subscription (S) contains Resource Groups (RG), which contain Resources (R). A role assignment is a (Role, Subject, Scope) triple, and an assignment made at a scope applies to everything beneath that scope. Three assignments are shown:]
• Role Assignment: Role = 'Owner', Subject = AAD User, Scope = Resource
• Role Assignment: Role = 'Reader', Subject = AAD Group, Scope = Subscription
• Role Assignment: Role = 'Contributor', Subject = AAD User, Scope = Resource Group
http://www.dushyantgill.com/blog/2015/02/08/keep-a-tab-on-access-settings-of-your-azuresubscriptions/
[Slide: Enterprise subscription layout. On-premises Active Directory syncs Users, Groups and Passwords into Azure Active Directory; subscription Owners are Azure AD identities.]
Subscription and resource layout:
• Subscription per Sector (Sector 1, Sector 2, ..)
• Region (NA, SA, ..) and Division (Mktg, Sales, ..), tracked per Division
• Express Route(s)
• "Standard" VNet per Division, in a separate resource group
• Resource Group per Project (Project 1, Project 2, ..)
• Subnet on the "standard" VNet assigned to each Project
• Billing Tags: Region, Division, Project
Role assignments:
• IT Director's Office: Owners of Subscriptions
• Network Admins: VNet Contributors of "standard" VNet RGs
• Infrastructure Admins and Support: Virtual Machine Contributors of Project RGs and "standard" VNet RGs
• Project Team Roles: Appropriate Role on Project RGs
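The role-assignment slide and the layout above describe the same thing: (Role, Subject, Scope) triples inheriting down the Subscription > Resource Group > Resource tree. The following is an added example, not code from the slides or the linked posts: a small model of that evaluation, populated with the layout above (one sector subscription, a "standard" VNet RG for a division, one project RG, and the admin groups). The role definitions are trimmed versions of the built-in Azure roles (the real Virtual Machine Contributor list is longer and deny assignments are not modelled); every user, group and scope name is constructed.

```python
# Added example, not from the slides: a small model of Azure RBAC evaluation
# over the Subscription > Resource Group > Resource scope tree, populated with
# the layout above. Role definitions are trimmed built-in roles; all tenant
# data (subscription, RGs, groups, users) is constructed for illustration.
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class RoleDefinition:
    name: str
    actions: tuple           # Azure action patterns; '*' also matches '/'
    not_actions: tuple = ()  # subtracted from actions within the same assignment


@dataclass(frozen=True)
class RoleAssignment:
    role: str     # role definition name
    subject: str  # user or group
    scope: str    # subscription, resource group or resource path


# Trimmed built-in roles (the real Virtual Machine Contributor list is longer).
ROLE_DEFINITIONS = {
    "Owner": RoleDefinition("Owner", ("*",)),
    "Contributor": RoleDefinition(
        "Contributor", ("*",),
        ("Microsoft.Authorization/*/Write", "Microsoft.Authorization/*/Delete")),
    "Reader": RoleDefinition("Reader", ("*/read",)),
    "Network Contributor": RoleDefinition("Network Contributor", ("Microsoft.Network/*",)),
    "Virtual Machine Contributor": RoleDefinition("Virtual Machine Contributor", (
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Storage/storageAccounts/listKeys/action")),
}

# Constructed tenant: one sector subscription, the Mktg division's
# "standard" VNet RG, and one project RG.
SUB = "/subscriptions/sector1"
VNET_RG = SUB + "/resourceGroups/vnet-mktg"
PROJ_RG = SUB + "/resourceGroups/project1"

GROUPS = {
    "All Staff": {"alice", "bob", "carol", "dan"},
    "IT Director Office": {"dan"},
    "Network Admins": {"alice"},
    "Infrastructure Admins": {"bob"},
    "Project1 Team": {"carol"},
}

ASSIGNMENTS = [
    RoleAssignment("Reader", "All Staff", SUB),
    RoleAssignment("Owner", "IT Director Office", SUB),
    RoleAssignment("Network Contributor", "Network Admins", VNET_RG),
    RoleAssignment("Virtual Machine Contributor", "Infrastructure Admins", PROJ_RG),
    RoleAssignment("Virtual Machine Contributor", "Infrastructure Admins", VNET_RG),
    RoleAssignment("Contributor", "Project1 Team", PROJ_RG),
]


def principals_of(user):
    """A user acts as itself plus every group it belongs to."""
    return {user} | {g for g, members in GROUPS.items() if user in members}


def scope_covers(assignment_scope, target_scope):
    """An assignment applies at its own scope and at every scope beneath it."""
    a, t = assignment_scope.lower(), target_scope.lower()
    return t == a or t.startswith(a + "/")


def action_matches(pattern, action):
    return fnmatchcase(action.lower(), pattern.lower())


def effective_assignments(user, scope):
    subjects = principals_of(user)
    return [ra for ra in ASSIGNMENTS
            if ra.subject in subjects and scope_covers(ra.scope, scope)]


def is_allowed(user, action, scope):
    """Union over applicable assignments of (Actions minus NotActions)."""
    for ra in effective_assignments(user, scope):
        role = ROLE_DEFINITIONS[ra.role]
        if (any(action_matches(p, action) for p in role.actions)
                and not any(action_matches(p, action) for p in role.not_actions)):
            return True
    return False


def who_can(action, scope):
    """Audit view: every user who holds `action` at `scope`, through any path."""
    users = {u for members in GROUPS.values() for u in members}
    return sorted(u for u in users if is_allowed(u, action, scope))


if __name__ == "__main__":
    vm = PROJ_RG + "/providers/Microsoft.Compute/virtualMachines/vm1"
    print("can write VMs in project1:", who_can("Microsoft.Compute/virtualMachines/write", vm))
    print("can grant roles in project1:", who_can("Microsoft.Authorization/roleAssignments/write", PROJ_RG))
```

The point the model makes explicit: Reader at the subscription reaches every resource, the project team's Contributor grant stops short of Microsoft.Authorization writes, and only the subscription Owners can hand out roles. `who_can` is the question the "keep a tab on access settings" post is about, answered over the model instead of over a live subscription.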
http://www.dushyantgill.com/blog/2015/04/26/say-goodbye-to-key-management-manageaccess-to-azure-storage-data-using-azure-ad/
[Slide: Manage access to Azure Storage data using Azure AD. Flow: a User/Service 1) authenticates to Azure AD, 2) reads the secret (the Storage Account Key) from Key Vault, 3) accesses the Storage Account with that key. A Scheduled Job running in Azure Automation regenerates the Storage Account Key and writes the new key into Key Vault as the secret, so access is governed by Azure AD identities and the key itself is short-lived.]
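The diagram leaves two practical details implicit: which of the storage account's two keys the job should regenerate, and what happens to a caller that reads the secret once and holds on to it. The following is an added example, not code from the slides or the linked post: an in-memory model of the loop, with StorageAccount, KeyVault and both clients as constructed stand-ins. In Azure the corresponding operations are Regenerate Key on the storage account and Set Secret / Get Secret on Key Vault, with Azure AD authenticating every Key Vault caller.

```python
# Added example, not code from the slides or the linked post: an in-memory
# model of the rotation loop, to show why the job alternates between the
# storage account's two keys and what happens to a client that caches the
# secret. All classes here are constructed stand-ins for Azure services.
import secrets


class StorageAccount:
    """Two keys, as in Azure, so one can be regenerated while the other stays valid."""

    def __init__(self):
        self.keys = {"key1": secrets.token_hex(32), "key2": secrets.token_hex(32)}

    def regenerate(self, name):
        self.keys[name] = secrets.token_hex(32)
        return self.keys[name]

    def access(self, key):
        """Storage accepts a request if the presented key is one of the current two."""
        return key in self.keys.values()


class KeyVault:
    def __init__(self):
        self._secrets = {}
        self.audit = []  # (principal, secret) reads: the trail Azure AD + Key Vault give you

    def set_secret(self, name, value, tags):
        self._secrets[name] = (value, dict(tags))

    def get_secret(self, principal, name):
        self.audit.append((principal, name))
        return self._secrets[name]


SECRET = "storage-key"


def bootstrap():
    storage, vault = StorageAccount(), KeyVault()
    vault.set_secret(SECRET, storage.keys["key1"], {"key": "key1"})
    return storage, vault


def rotate(storage, vault):
    """The scheduled job: regenerate the key that is NOT currently published,
    then publish it. Anything still holding the previously published key keeps
    working until the next run, which is the grace period callers get."""
    _, tags = vault.get_secret("automation-runbook", SECRET)
    target = "key2" if tags["key"] == "key1" else "key1"
    vault.set_secret(SECRET, storage.regenerate(target), {"key": target})
    return target


class FreshClient:
    """Steps 1-3 of the diagram on every access: fetch the secret, then use it."""

    def __init__(self, principal, vault):
        self.principal, self.vault = principal, vault

    def access(self, storage):
        key, _ = self.vault.get_secret(self.principal, SECRET)
        return storage.access(key)


class CachingClient:
    """Reads the secret once at start-up and holds it: the failure mode to watch for."""

    def __init__(self, principal, vault):
        self.key, _ = vault.get_secret(principal, SECRET)

    def access(self, storage):
        return storage.access(self.key)


def simulate(rotations=3):
    """Returns (fresh_ok, cached_ok) after each rotation."""
    storage, vault = bootstrap()
    fresh = FreshClient("web-app", vault)
    cached = CachingClient("legacy-vm", vault)
    results = []
    for _ in range(rotations):
        rotate(storage, vault)
        results.append((fresh.access(storage), cached.access(storage)))
    return results


if __name__ == "__main__":
    for n, (fresh_ok, cached_ok) in enumerate(simulate(), 1):
        print(f"after rotation {n}: fresh client ok={fresh_ok}, caching client ok={cached_ok}")
```

The caching client survives the first rotation only because the job regenerated the other key; on the second run its key is the one being replaced and it locks itself out. That is the caveat to document alongside the runbook: a caller may hold a key for at most one rotation interval, and the `audit` list is where you would look to find which Azure AD principals read the secret when.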
http://www.dushyantgill.com/blog/2015/02/28/attribute-based-access-control-for-azure/
http://www.dushyantgill.com/blog/contact
http://myignite.microsoft.com