Study/AZ-104-MicrosoftAzureAdministrator
1
0
Fork 0
mirror of https://github.com/MicrosoftLearning/AZ-104-MicrosoftAzureAdministrator.git synced 2026-02-10 10:57:03 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update LAB_02a_Manage_Subscriptions_and_RBAC_Entra.md

Browse Source
This commit is contained in:
staleycyn 2023-12-04 13:02:29 -08:00 committed by GitHub
parent 10ed04d9fc
commit f8644bf035
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
New Instructions/Lab/LAB_02a_Manage_Subscriptions_and_RBAC_Entra.md
View File

@ -1,16 +1,17 @@
--- ---
lab: lab:
title: 'Lab 02: Manage Subscriptions and RBAC' title: 'Lab 02a: Manage Subscriptions and RBAC'
module: 'Administer Governance and Compliance' module: 'Administer Governance and Compliance'
--- ---
# Lab 02 - Manage Subscriptions and RBAC # Lab 02a - Manage Subscriptions and RBAC
# Student lab manual
## Lab requirements ## Lab requirements
This lab requires permissions to create custom Azure Role Based Access Control (RBAC) roles, and assign these roles to users. This lab requires permissions to create custom Azure Role Based Access Control (RBAC) roles, and assign these roles to users.
## Estimated timing: 30 minutes
## Lab scenario ## Lab scenario
In order to simplify management of Azure resources in your organization, you have been tasked with implementing the following functionality: In order to simplify management of Azure resources in your organization, you have been tasked with implementing the following functionality:
@ -24,28 +25,19 @@ In order to simplify management of Azure resources in your organization, you hav
**Note:** An **[interactive lab simulation](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%202)** is available that allows you to click through a similar lab at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same. **Note:** An **[interactive lab simulation](https://mslabs.cloudguides.com/guides/AZ-104%20Exam%20Guide%20-%20Microsoft%20Azure%20Administrator%20Exercise%202)** is available that allows you to click through a similar lab at your own pace. You may find slight differences between the interactive simulation and the hosted lab, but the core concepts and ideas being demonstrated are the same.
## Objectives ## Tasks
In this lab, you will:
+ Task 1: Implement management groups + Task 1: Implement management groups
+ Task 2: Review and assign a built-in Azure role + Task 2: Review and assign a built-in Azure role
+ Task 3: Create and assign a custom RBAC roles + Task 3: Create and assign a custom RBAC roles
+ Task 4: Monitor role assignments with the Activity Log + Task 4: Monitor role assignments with the Activity Log
## Estimated timing: 30 minutes
## Architecture diagram ## Architecture diagram
<!-- Update diagram - simplify names, get rid of custom role JSON--> <!-- Update diagram - simplify names, get rid of custom role JSON-->
![Diagram of lab tasks.](../media/az104-lab2a-architecture.png) ![Diagram of lab tasks.](../media/az104-lab2a-architecture.png)
# Instructions
## Exercise 1
## Task 1: Implement Management Groups ## Task 1: Implement Management Groups
In this task, you will create and configure management groups. Management groups are used to logically organize subscriptions. Subscriptions should be segmented as part of the [Microsoft Well-Architected Framework](https://learn.microsoft.com/en-us/azure/well-architected/), and allow for RBAC and Azure Policy to be assigned and inherited to other management groups and subscriptions. For example, if your organization has a dedicated support team for Europe, you can organize European subscriptions into a management group to provide the support staff access to those subscriptions (without providing individual access to all subscriptions). In our scenario everyone on the Help Desk will need to create a support request across all subscriptions. In this task, you will create and configure management groups. Management groups are used to logically organize subscriptions. Subscriptions should be segmented as part of the [Microsoft Well-Architected Framework](https://learn.microsoft.com/en-us/azure/well-architected/), and allow for RBAC and Azure Policy to be assigned and inherited to other management groups and subscriptions. For example, if your organization has a dedicated support team for Europe, you can organize European subscriptions into a management group to provide the support staff access to those subscriptions (without providing individual access to all subscriptions). In our scenario everyone on the Help Desk will need to create a support request across all subscriptions.