AZ-104 Microsoft Azure Administrator Exam

Manage Azure identities and governance

Manage Microsoft Entra users and groups

Microsoft Entra is a crucial service for managing user identities and ensuring access security. It allows administrators to create, manage, and delete user accounts within an organization. By doing so, they can give employees the necessary permissions to access various resources and applications.

Groups within Microsoft Entra make managing permissions more efficient. Instead of assigning access rights individually, administrators can create groups based on department, role, or other criteria. Users within a group inherit predefined permissions, simplifying the management of access rights.

One essential aspect of managing Entra users and groups is understanding the concept of single sign-on (SSO). SSO allows users to access multiple applications and resources using a single set of login credentials. This not only enhances security but also streamlines the login process, leading to improved productivity.

Manage access to Azure resources

Managing access to Azure resources is vital for maintaining security and operational efficiency. Azure provides several tools and services to control who can access specific resources and what actions they can perform.

Role-Based Access Control (RBAC) is a fundamental concept in Azure access management. RBAC allows administrators to assign predefined roles to users, providing them with the necessary permissions for their job functions. For instance, a developer might have permissions to create and modify virtual machines, while a support technician could have permission only to monitor and start them.

Another key tool is Azure Active Directory (AD), which integrates with RBAC to provide comprehensive access management solutions. With Azure AD, administrators can manage user identities and access rights across different Azure services. It also supports conditional access policies, which add an extra layer of security by enforcing specific requirements before granting access.

Access management also involves using management groups and resource tags to organize and govern resources effectively. Management groups enable the grouping of subscriptions for centralized management, while resource tags help categorize and manage resources based on specific attributes.

Manage Azure subscriptions and governance

Azure subscriptions are the foundation for managing resources in Azure. Subscriptions define the billing boundary for resources used within an organization. Administrators need to understand how to manage these subscriptions effectively to optimize costs and ensure compliance.

One essential tool for subscription management is the Azure Cost Management + Billing service. It helps track usage, monitor spending, and set budgets to avoid unforeseen expenses. Understanding how to use this service is crucial for predicting costs and planning accordingly.

Azure Governance includes setting up policies and controls to ensure resources are compliant with organizational standards and regulations. Azure Policy is a service that enables administrators to create, assign, and manage policies that enforce rules on resources in the Azure environment. For example, administrators can require that all storage accounts meet certain encryption standards or restrict virtual machine sizes based on organizational guidelines.

Another vital aspect of governance is Azure Blueprints, which provides templates for creating and maintaining compliant environments. Blueprints allow administrators to deploy a repeatable set of governed resources, facilitating faster and consistent policy application across multiple environments.

Conclusion

In summary, managing Azure identities and governance encompasses several critical components, including handling Microsoft Entra users and groups, controlling access to Azure resources, and overseeing subscriptions and governance strategies. These practices ensure that the organization’s Azure environment remains secure, compliant, and efficient. By mastering these areas, administrators can effectively support their organization’s cloud operations while safeguarding against risks and optimizing costs.