Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond: A pragmatic guide to achieving the Azure administration certification , Second Edition

Arrow left icon
Profile Icon Riaan Lowe Profile Icon Donovan Kelly
Arrow right icon
$79.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6 (13 Ratings)
Paperback Jul 2022 776 pages 2nd Edition
eBook
$43.99 $63.99
Paperback
$79.99
Subscription
Free Trial
Renews at $19.99p/m
Arrow left icon
Profile Icon Riaan Lowe Profile Icon Donovan Kelly
Arrow right icon
$79.99
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6 (13 Ratings)
Paperback Jul 2022 776 pages 2nd Edition
eBook
$43.99 $63.99
Paperback
$79.99
Subscription
Free Trial
Renews at $19.99p/m
eBook
$43.99 $63.99
Paperback
$79.99
Subscription
Free Trial
Renews at $19.99p/m

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond

Chapter 1: Managing Azure Active Directory Objects

This first chapter of this book is focused on learning how to manage Azure Active Directory (Azure AD) objects. In this chapter, you will learn how to create and manage users and groups within Azure AD, including user and group properties. Additionally, we will look at Azure AD's administrative units (AUs) and discover how to create them alongside managing device settings and performing bulk user updates. You will also learn how to manage guest accounts within Azure AD, configure Azure AD join, and configure Self-Service Password Reset (SSPR).

In brief, in this chapter, the following topics will be covered:

  • Creating Azure AD users and groups
  • Creating AUs
  • Managing user and group properties
  • Managing device settings
  • Performing bulk user updates
  • Managing guest accounts
  • Configuring Azure AD join
  • Configuring SSPR

Technical requirements

In order to follow along with the hands-on exercises, you will need access to Azure AD as a global administrator. If you do not have access to this, students can enroll for a free account at https://azure.microsoft.com/en-in/free/.

An Azure AD Premium P1 license is also required for some of the sections. Luckily, there is also a free 1-month trial for students at https://azure.microsoft.com/en-us/trial/get-started-active-directory/.

Creating Azure AD users and groups

Azure AD offers a directory and identity management solution within the cloud. It offers traditional username and password identity management, alongside roles and permissions management. On top of that, it offers more enterprise-grade solutions, such as Multi-Factor Authentication (MFA) and application monitoring, solution monitoring, and alerting.

Azure AD can easily be integrated with your on-premises Active Directory to create a hybrid infrastructure.

Azure AD offers the following pricing plans:

  • Free: This offers the most basic features, such as support for single sign-on (SSO) across Azure, Microsoft 365, and other popular SaaS applications, Azure Business-to-Business (B2B) for external users, support for Azure AD Connect synchronization, self-service password change, user and group management, and standard security reports.
  • Office 365 Apps: Specific Office 365 subscriptions also provide some functionality such as user and group management, cloud authentication, including pass-through authentication, password hash synchronization, seamless SSO, and more.
  • Premium P1: This offers advanced reporting, MFA, Conditional Access, Mobile Device Management (MDM) auto-enrollment, Azure AD Connect Health, advanced administration such as dynamic groups, self-service group management, and Microsoft Identity Manager.
  • Premium P2: In addition to the Free and Premium P1 features, the Premium P2 license includes Azure AD Identity Protection, Privileged Identity Management, access reviews, and entitlement management.

    Note

    For a detailed overview of the different Azure AD licenses and all the features that are offered in each plan, you can refer to https://www.microsoft.com/nl-nl/security/business/identity-access-management/azure-ad-pricing?rtc=1&market=nl.

Creating users in Azure AD

We will begin by creating a couple of users in our Azure AD tenant from the Azure portal. To do this, perform the following steps:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Users | All users. Then, select the + New user option from the top-level menu, as follows:
Figure 1.1 – The Azure AD Users blade

Figure 1.1 – The Azure AD Users blade

  1. We are going to create three users. Add these values that are shown in the following screenshot:
    • Name: PacktUser1.
    • User name: The username is the identifier that the user enters to sign in to Azure AD. Select your domain name, which has been configured, and add this to the end of the username. The default is usually an onmicrosoft.com domain, but in my case, I have assigned a custom domain name, called safezone.fun. In the First name section, I have chosen Packt, and in the Last name section, I have added User1. Therefore, the User name value, in my case, will be [email protected]:
Figure 1.2 – The Azure AD user creation page part 1

Figure 1.2 – The Azure AD user creation page part 1

  1. Leave the sections under Groups and Roles in their default settings for now.
  2. Next, we need to fill in information regarding the following:
    • Block sign in: No
    • Usage location: South Africa
    • Job title: Azure administrator
    • Department: IT
    • Company name: Packt1
    • Manager: No manager selected:
Figure 1.3 – The Azure AD user creation page part 2

Figure 1.3 – The Azure AD user creation page part 2

  1. Click on Create.
  2. Repeat these steps to create two more users: PacktUser2 and PacktUser3.

Now that we have created users in our Azure AD tenant, we can add them to a group in Azure AD.

Creating groups in Azure AD

There are two main group types, as follows:

  • Security groups: These groups serve the same function as traditional on-premises groups, which is to secure objects within a directory. In this case, it is to secure objects within Azure AD.
  • Microsoft 365 groups: These groups are used to provide a group of people access to a collection of shared resources that is not just limited to Azure AD but also includes shared mailboxes, calendars, SharePoint libraries, and other Microsoft 365-related services.

Security groups are used as container units to group users or devices together. There are three main membership types for security groups:

  • Assigned: This is where you manually assign users to a group.
  • Dynamic user: This is where you can specify parameters to automatically group users, for example, grouping all users who have the same job title.
  • Dynamic device: This is where you can specify parameters to automatically group devices, for example, grouping all devices that have the same operating system version.

To create and manage groups from the Azure AD tenant in the Azure portal, you have to perform the following steps:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Groups | All groups. Then, select the + New group option from the top-level menu, as follows:
Figure 1.4 – The Azure AD group creation page part 1

Figure 1.4 – The Azure AD group creation page part 1

  1. Add the following values to create the new group:
    • Group type: Security
    • Group name: Azure Admins
    • Group description: Dynamic group for all Azure Admins
    • Azure AD roles can be assigned to the group: No
    • Membership type: Dynamic User
    • Owners: No owners selected:
Figure 1.5 – The Azure AD group creation page part 2

Figure 1.5 – The Azure AD group creation page part 2

  1. Refer to the following screenshot to add a dynamic query.

For the Dynamic Query rule, the property is jobTitle, the operator is Equals, and the value is Azure administrator, as shown in the following screenshot:

Figure 1.6 – The Azure AD group dynamic query

Figure 1.6 – The Azure AD group dynamic query

  1. Click on Create.

    Tip

    Remember that when using dynamic groups, a Premium P1 license needs to be assigned to the user.

Now that we have created the group, replication takes around 5 minutes. Refresh the Azure web page, and the users will appear as members of the Azure admins group that we just created:

Figure 1.7 – The Azure AD group's dynamic group users added automatically 
based on the membership rules

Figure 1.7 – The Azure AD group's dynamic group users added automatically based on the membership rules

In this section, we took a look at Azure AD users and groups and created a few accounts. We also created a dynamic membership group to include users via dynamic membership rules.

We encourage students to read up further by using the following links, which are based on Azure AD fundamentals such as adding users in Azure AD, assigning RBAC roles, creating Azure AD groups, and also creating dynamic groups in Azure AD:

Next, we are going to look at Azure AUs, specifically where they can be used and how to create an AU.

Creating Azure AD AUs

Azure AD AUs are used in scenarios where granular administrative control is required. AUs have the following prerequisites:

  • An Azure AD Premium P1 license is required for each AU administrator.
  • An Azure AD Free license is required for AU members.
  • A privileged role administrator or global administrator is required for configuration.

    Tip

    AUs can be created via the Azure portal or PowerShell.

The easiest way to explain AUs is by using a scenario. A company called Contoso is a worldwide organization with users across 11 countries. Contoso has decided that each country is responsible for its own users from an administrative point of view. That is where Azure AD AUs come in handy. With AUs, Contoso can group users per country and assign administrators that only have control over these users and cannot administrate users in other countries.

The following diagram displays a high-level overview of how AUs work in the same tenant across different departments. The following example is based on different regions:

Figure 1.8 – An AU overview displaying the separation of users for US sales and UK sales

Figure 1.8 – An AU overview displaying the separation of users for US sales and UK sales

The following roles can be assigned within an AU:

  • Authentication administrator
  • Groups administrator
  • Help desk administrator
  • License administrator
  • Password administrator
  • User administrator

    Important Note

    Groups can be added to the AU as an object; therefore, any user within the group is not automatically part of the AU.

Now, let's go ahead and create an AU via the Azure portal:

  1. Navigate to the Azure portal by opening a web browser and browsing to https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. Under the Manage blade of Azure AD in the left-hand menu, select Administrative units and click on + Add:
Figure 1.9 – The AU blade within Azure AD

Figure 1.9 – The AU blade within Azure AD

  1. Enter a name for the group. I'm using South Africa Users. In the Description field, it is best practice to add a brief description of what this AU is going to be used for:
Figure 1.10 – The creation blade for an AU

Figure 1.10 – The creation blade for an AU

  1. Next, under Assign roles, add the users that you want to be administrators based on the available roles. Then, select Password administrator and choose PacktUser1.
  2. Click on Review + create:
Figure 1.11 – The AU summary page

Figure 1.11 – The AU summary page

  1. The next step is to add all the users you want PacktUser1 to manage; in our case, we need to add PacktUser1, PacktUser2, and PacktUser3. On the left-hand side, under Manage, click on Add member and select the members:
Figure 1.12 – Adding users to the AU

Figure 1.12 – Adding users to the AU

  1. Now you will see that all three users have been added to the AU:
Figure 1.13 – Displaying the users added to the AU

Figure 1.13 – Displaying the users added to the AU

  1. You can now log in with PacktUser1, and you should be able to reset the password of PacktUser2.

    Important Note

    Remember, you need to assign an Azure AD P1 license to administrators within the AU.

In this section, we explained what an AU is and how it can be used. Additionally, we went through the creation of an AU step by step.

We encourage students to read up further by using the following links, which will provide additional information around AU management:

Now, let's move on and take a look at how to manage user and group properties.

Managing user and group properties

Part of an Azure administrator's task is to understand what can be done from a user and group perspective within Azure AD. Let's take a look at what we can configure for an Azure AD user account:

  • Profile: This is where you can view and update information such as the name, user type, job information, and more.
  • Assigned roles: This setting is where you can view all of the role assignments for that specific account; assignments can be in the form of eligible, active, or expired assignments.
  • Administrative units: This setting displays the AUs that the user is part of.
  • Groups: This setting displays the AD groups that the user is part of.
  • Applications: This setting displays the application assignments.
  • Licenses: This setting displays what licenses are currently assigned to the user account.
  • Devices: This setting shows what devices are associated with the user account, including the join type such as Azure AD joined.
  • Azure role assignments: This setting displays the resources on a subscription level to which the account has access.
  • Authentication methods: This setting displays the authentication contact information, such as the phone number and email address for MFA. From here, you can also set the account to reregister for MFA or revoke current MFA sessions.

Now that we have reviewed all the user properties, let's take a look at the group settings.

Azure AD groups have the following settings available:

  • Overview: This displays the membership type, the source directory, the object ID, the creation date, and more.
  • Properties: This setting displays the general settings for the group, such as the group name, the description, the group type, and the membership type, which can be changed here.
  • Members: This setting displays all of the current members of the group; bulk operations can also be performed from here.
  • Owners: This setting displays the owners of the group who can modify the group and the members within it.
  • Administrative units: This setting displays the AUs that the group is part of.
  • Group memberships: This setting displays all of the security groups that the group belongs to (nested grouping).
  • Applications: This setting displays the application assignments.
  • Licenses: This setting displays the licenses that are assigned to the group, which group members will inherit automatically.
  • Azure role assignments: This setting displays the resources of a subscription level to which the group members have access.
  • Dynamic membership rules: This setting displays the configuration rules; for dynamic groups, this is where you can change the configuration rules, which will affect the members of the group.

And that brings an end to the user and group properties. In this section, we have looked at all of the different settings for Azure AD users and Azure AD groups.

We encourage students to read up further by using the following links, which will provide additional information around managing group settings via the command line and also dive into external user attribute flows:

Next, we are going to look at how to manage device settings within Azure.

Managing device settings

Azure AD offers the ability to ensure that users are accessing Azure resources from devices that meet corporate security and compliance standards. Device management is the foundation of device-based conditional access, where you can ensure that access to the resources in your environment is only possible from managed devices.

Device settings can be managed from the Azure portal. To manage your device settings, your device needs to be registered or joined to Azure AD.

To manage the device settings from the Azure portal, you have to perform the following steps:

  1. Navigate to the Azure portal by opening https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. In the Azure AD Overview blade, under Manage, select Devices, as follows:
Figure 1.14 – The Azure AD Devices blade

Figure 1.14 – The Azure AD Devices blade

The device management blade will open. Here, you can configure your device management settings, locate your devices, perform device management tasks, and review the device management-related audit logs.

  1. To configure the device settings, select Device settings from the left-hand menu. From here, you can configure the following settings, which are shown in the following screenshot:
    • Users may join devices to Azure AD: Here, you can set which users can join their devices to Azure AD. This setting is only applicable to Azure AD join on Windows 10.
    • Users may register their devices with Azure AD: This setting needs to be configured to allow devices to be registered with Azure AD. There are two options here: None, that is, devices are not allowed to register when they are not Azure AD joined or hybrid Azure AD joined, and All, that is, all devices are allowed to register. Enrollment with Microsoft Intune or MDM for Office 365 requires registration. If you have configured either of these services, All is selected and None is not available.
    • Require Multi-Factor Authentication to register or join devices with Azure AD: Here, you can request that the user is required to perform MFA when registering a device. Before you can enable this setting, MFA needs to be configured for the users who register their devices.
    • Maximum number of devices per user: This setting allows you to select the maximum number of devices that a user can have in Azure AD.
    • Manage Additional local administrators on all Azure AD joined devices: This setting allows you to add additional local administrators for Azure AD joined devices.
    • Manage Enterprise State Roaming settings: This setting provides users with a unified experience across all of their Windows devices and reduces the turnaround time when configuring new devices:
Figure 1.15 – The Azure AD Device settings blade

Figure 1.15 – The Azure AD Device settings blade

  1. To locate your devices, under Manage, select All devices. In this overview, you will see all the joined and registered devices, as follows:
Figure 1.16 – The Azure AD All devices blade displaying all of the devices linked to Azure AD

Figure 1.16 – The Azure AD All devices blade displaying all of the devices linked to Azure AD

  1. Additionally, you can select the different devices from the list to get more detailed information about the device. From here, global administrators and cloud device administrators can disable or delete the device, as follows:
Figure 1.17 – The Azure AD device details for a specific device with the option 
to disable or delete the selected device

Figure 1.17 – The Azure AD device details for a specific device with the option to disable or delete the selected device

  1. To audit logs, under Activity, select Audit logs. From here, you can view and download the different log files. Additionally, you can create filters to search through the logs, as follows:
Figure 1.18 – The Azure AD device Audit logs blade

Figure 1.18 – The Azure AD device Audit logs blade

This concludes our section on how to manage your device settings via the Azure portal.

We encourage students to read up further by using the following links:

Next, we are going to look at how to perform bulk user updates.

Performing bulk updates

Performing bulk user updates is similar to managing single users (such as internal and guest users). The only property that can't be set for multiple users is resetting the password. This has to be done for a single user.

Azure has also improved its bulk user settings by adding a drop-down menu that enables you to do the following via the downloadable CSV template and then re-uploading it:

  • Bulk user creation
  • Bulk user invitation
  • Bulk user deletion
  • Bulk user downloads

To perform a bulk user update, you have to perform the following steps:

  1. Navigate to the Users overview blade again in Azure AD.
  2. Select the Bulk operations drop-down menu:
Figure 1.19 – The Azure AD bulk user operations option

Figure 1.19 – The Azure AD bulk user operations option

  1. From the menu, select the action you want to complete; for example, select Download users:
Figure 1.20 – The Azure AD bulk user download setting

Figure 1.20 – The Azure AD bulk user download setting

  1. Also, you can update multiple users by selecting them and choosing to delete them or configure MFA for each user:

Figure 1.21 – The alternative Azure AD method for bulk user operations

This concludes our demonstration on how to perform bulk user updates and how it works.

We encourage students to read up further by using the following links, which will look at adding bulk users:

In the next section, we are going to cover how you can manage guest accounts.

Managing guest accounts

You can also add guest accounts in Azure AD using Azure AD B2B. Azure AD B2B is a feature on top of Azure AD that allows organizations to work safely with external users. To be added to Azure B2B, external users don't require a Microsoft work or personal account that has been added to an existing Azure AD tenant.

All sorts of accounts can be added to Azure B2B. You don't have to configure anything in the Azure portal to use B2B; this feature is enabled by default for all Azure AD tenants. Let's see how to manage guest accounts by performing the following steps:

  1. Adding guest accounts to your Azure AD tenant is similar to adding internal users to your tenant. When you navigate to the Users overview blade, you can choose + New guest user from the top-level menu, as follows:
Figure 1.22 – The Azure AD Users blade to add a new guest user

Figure 1.22 – The Azure AD Users blade to add a new guest user

  1. Then, you can provide an email address and a personal message, which is sent to the user's inbox. This personal message includes a link to log in to your tenant.
  2. Select Invite user to add the user to your Azure AD tenant, and send an invitation to the user's inbox:
Figure 1.23 – Azure AD – inviting a guest user

Figure 1.23 – Azure AD – inviting a guest user

  1. To manage external users after creation, you can select them from the Users overview blade. They will have a User type value, which is named Guest. Simply select the user from the list, and you will be able to manage the settings that are displayed in the top-level menu for this user, as follows:
Figure 1.24 – The Azure AD Users blade displaying the account as Guest under User type

Figure 1.24 – The Azure AD Users blade displaying the account as Guest under User type

And that brings an end to this section. In this short section, we have reviewed guest accounts in Azure AD and learned how to configure them.

We encourage students to read up further by using the following links, which will provide additional information around restricting guest permissions: https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/users-restrict-guest-permissions.

In the next section, we are going to look at what Azure AD join is and how to configure it for Windows 10 devices.

Configuring Azure AD join

With Azure AD join, you are able to join devices directly to Azure AD without the need to join your on-premises Active Directory in a hybrid environment. While hybrid Azure AD join with an on-premises Active Directory might still be preferred for some scenarios, Azure AD join simplifies the process of adding devices and modernizes device management for your organization. This can result in the reduction of device-related IT costs.

Your users are getting access to corporate assets through their devices. To protect these corporate assets, you want to control these devices. This allows your administrators to ensure that your users are accessing resources from devices that meet your standards for security and compliance.

Azure AD join is a good solution when you want to manage devices with a cloud device management solution, modernize your application infrastructure, simplify device provisioning for geographically distributed users, and when your company is adopting Microsoft 365 as the productivity suite for your users.

Azure AD join can be deployed by using any of the following methods:

  • Bulk deployment: This method is used to join large numbers of new Windows devices to Azure AD and Microsoft Intune.
  • Windows Autopilot: This is a collection of technologies used to preconfigure Windows 10 devices so that the devices are ready for productive use. Autopilot can also be used to reset, repurpose, and recover devices.
  • Self-service experience: This is also referred to as a first-run experience, which is mainly used to join a new device to Azure AD.

When it comes to joining devices to Azure AD, there are two main ways of managing those devices:

  • MDM only: This is when the device is managed exclusively by an MDM provider such as Intune.
  • Comanagement: This is when the device is managed by an MDM provider and System Center Configuration Manager (SCCM).

When joining a Windows 10 device to Azure AD, there are two scenarios that we need to look at:

  • Joining a new Windows 10 device via the Out-of-Box Experience (OOBE).
  • Joining an already configured Windows 10 device to Azure AD.

Let's take a look at how we can join an existing Windows 10 device to Azure AD:

  1. On the Windows 10 device, search for Settings and open Accounts.
  2. Select Access work or school, and choose Connect:
Figure 1.25 – The Windows 10 settings menu to add and connect a device to Azure AD

Figure 1.25 – The Windows 10 settings menu to add and connect a device to Azure AD

  1. Under Alternate actions, choose Join this device to Azure Active Directory:
Figure 1.26 – The Windows 10 device with the selected option to join the device to Azure AD

Figure 1.26 – The Windows 10 device with the selected option to join the device to Azure AD

  1. A new window will pop up and ask you to sign in. Sign in with your organization's account. In my case, this will be [email protected]:
Figure 1.27 – The Windows 10 device requires you to sign in to an 
Azure AD account to join it to Azure AD

Figure 1.27 – The Windows 10 device requires you to sign in to an Azure AD account to join it to Azure AD

  1. You will be prompted to verify whether you want to join your domain. Proceed by clicking on the Join button:
Figure 1.28 – The Windows 10 device summary page before joining it to Azure AD

Figure 1.28 – The Windows 10 device summary page before joining it to Azure AD

And now the Windows 10 device has been successfully joined to Azure AD:

Figure 1.29 – The Windows 10 device has successfully been joined to Azure AD

Figure 1.29 – The Windows 10 device has successfully been joined to Azure AD

  1. As a final step, let's navigate to the Azure portal and under Manage, select Devices, and our newly Azure AD joined device will show up:
Figure 1.30 – Displaying the recently joined Windows 10 device in Azure AD under the Devices blade

Figure 1.30 – Displaying the recently joined Windows 10 device in Azure AD under the Devices blade

That brings an end to this section. We have learned what Azure AD join is, the methods to enroll, and we have also shown the steps of how to manually join a Windows 10 device to Azure AD.

We encourage students to read up further by using the following links, which will provide additional information around Azure AD join, Windows Autopilot, and bulk device enrollment:

In the next section, we are going to take a look at SSPR.

Configuring SSPR

By enabling a self-service password for your users, they are able to change their passwords automatically, without calling the help desk. This will significantly eliminate the management overhead.

Note

The Azure AD free-tier license only supports cloud users for SSPR, and only password change is supported, not password reset.

SSPR can be easily enabled from the Azure portal. To do this, perform the following steps:

  1. Navigate to the Azure portal by opening https://portal.azure.com.
  2. In the left-hand menu, select Azure Active Directory.
  3. In the Azure AD Overview blade, in the left-hand menu, under Manage, select Password reset, as follows:
Figure 1.31 – The Azure AD Password reset blade

Figure 1.31 – The Azure AD Password reset blade

  1. In the Password reset overview blade, you can enable SSPR for all your users, by selecting All, or for selected users and groups, by selecting Selected. For this demonstration, enable it for all users and click on Save in the top-level menu, as follows:
Figure 1.32 – The Azure AD Password reset properties

Figure 1.32 – The Azure AD Password reset properties

  1. Next, we need to set the different required authentication methods for your users. To do this, under Manage, select Authentication methods.
  2. In the next blade, we can set the number of authentication methods that are required to reset a password and explore what methods are available for your users, as follows:
Figure 1.33 – The Azure AD Password reset blade displaying the available 
authentication methods for users

Figure 1.33 – The Azure AD Password reset blade displaying the available authentication methods for users

  1. Make a selection and click on Save.

    Important Note

    If you want to test SSPR after configuration, make sure that you use a user account without administrator privileges.

We encourage students to read up further by using the following links:

Summary

In this chapter, we discussed how to create Azure AD users via the Azure portal, how to create a dynamic group, and how to add users to that dynamic group. We addressed user and group properties. Additionally, we discussed the different bulk user operations and how to create a guest account from the Azure portal. Finally, we discussed how to join a Windows 10 device to Azure AD and how to enable the configuration options for SSPR.

In the next chapter, we'll cover Role-Based Access Control (RBAC) and get hands-on with creating custom RBAC roles. Additionally, we will learn how to interpret role assignments.

Left arrow icon Right arrow icon
Download code icon Download Code

Key benefits

  • Get to grips with AZ-104 exam topics like infrastructure and applications to help with Azure administration
  • Experience Azure through practical labs based on real-world administrative tasks
  • Learn practical management tips from experienced professionals

Description

Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond covers all the exam objectives and will help you to earn the Microsoft Azure Administrator certification with ease. Whether you’re studying to pass the AZ-104 exam or just want hands-on experience in administering Azure, this AZ-104 study guide will help you to achieve your objectives. This book covers the latest Azure features and capabilities around configuring, managing, and securing Azure resources. Adhering to Microsoft's AZ-104 exam syllabus, this guide is divided into five modules. The first module will show you how to manage Azure identities and governance. You'll find out how to configure Azure subscription policies at the Azure subscription level and use Azure policies for resource groups. After that, the book covers techniques related to implementing and managing storage in Azure, enabling you to create and manage Azure Storage, including File and Blob storage. In the second module, you’ll learn how to deploy and manage Azure compute resources. The third and fourth modules will teach you about configuring and managing virtual networks and monitoring and backing up Azure resources. Finally, you'll work through mock tests, with answers provided, to prepare for this exam. By the end of this book, you'll have the skills needed to pass the AZ-104 exam and be able to expertly manage Azure.

Who is this book for?

This book is for cloud administrators, engineers, and architects looking to understand Azure better and gain a firm grasp on administrative functions or anyone preparing to take the Microsoft Azure Administrator (AZ-104) exam. A basic understanding of the Azure platform is needed, but astute readers can comfortably learn all the concepts without having worked on the platform before by following all examples in the book.

What you will learn

  • Manage Azure Active Directory users and groups along with role-based access control (RBAC)
  • Discover how to handle subscriptions and implement governance
  • Implement and manage storage solutions
  • Modify and deploy Azure Resource Manager templates
  • Create and configure containers and Microsoft Azure app services
  • Implement, manage, and secure virtual networks
  • Find out how to monitor resources via Azure Monitor
  • Implement backup and recovery solutions
Estimated delivery fee Deliver to South Korea

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Jul 22, 2022
Length: 776 pages
Edition : 2nd
Language : English
ISBN-13 : 9781801819541
Vendor :
Microsoft
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to South Korea

Standard delivery 10 - 13 business days

$12.95

Premium delivery 5 - 8 business days

$45.95
(Includes tracking information)

Product Details

Publication date : Jul 22, 2022
Length: 776 pages
Edition : 2nd
Language : English
ISBN-13 : 9781801819541
Vendor :
Microsoft
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just $5 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total $ 196.97
Microsoft Azure Fundamentals Certification and Beyond
$69.99
Designing and Implementing Microsoft DevOps Solutions AZ-400 Exam Guide
$46.99
Exam Ref AZ-104 Microsoft Azure Administrator Certification and Beyond
$79.99
Total $ 196.97 Stars icon
Banner background image

Table of Contents

29 Chapters
Part 1: Managing Azure Identities and Governance Chevron down icon Chevron up icon
Chapter 1: Managing Azure Active Directory Objects Chevron down icon Chevron up icon
Chapter 2: Managing Role-Based Access Control Chevron down icon Chevron up icon
Chapter 3: Creating and Managing Governance Chevron down icon Chevron up icon
Chapter 4: Managing Governance and Costs Chevron down icon Chevron up icon
Chapter 5: Practice Labs – Managing Azure Identities and Governance Chevron down icon Chevron up icon
Part 2: Implementing and Managing Storage Chevron down icon Chevron up icon
Chapter 6: Understanding and Managing Storage Chevron down icon Chevron up icon
Chapter 7: Securing Storage Chevron down icon Chevron up icon
Chapter 8: Practice Labs – Implementing and Managing Storage Chevron down icon Chevron up icon
Part 3: Deploying and Managing Azure Compute Resources Chevron down icon Chevron up icon
Chapter 9: Automating VM Deployments Using ARM Templates Chevron down icon Chevron up icon
Chapter 10: Configuring Virtual Machines Chevron down icon Chevron up icon
Chapter 11: Creating and Configuring Containers Chevron down icon Chevron up icon
Chapter 12: Creating and Configuring App Services Chevron down icon Chevron up icon
Chapter 13: Practice Labs – Deploying and Managing Azure Compute Resources Chevron down icon Chevron up icon
Part 4: Configuring and Managing Virtual Networking Chevron down icon Chevron up icon
Chapter 14: Implementing and Managing Virtual Networking Chevron down icon Chevron up icon
Chapter 15: Securing Access to Virtual Networks Chevron down icon Chevron up icon
Chapter 16: Configuring Load Balancing Chevron down icon Chevron up icon
Chapter 17: Integrating On-Premises Networks with Azure Chevron down icon Chevron up icon
Chapter 18: Monitoring and Troubleshooting Virtual Networking Chevron down icon Chevron up icon
Chapter 19: Practice Labs – Configuring and Managing Virtual Networking Chevron down icon Chevron up icon
Part 5: Monitoring and Backing Up Azure Resources Chevron down icon Chevron up icon
Chapter 20: Monitoring Resources with Azure Monitor Chevron down icon Chevron up icon
Chapter 21: Implementing Backup and Recovery Solutions Chevron down icon Chevron up icon
Chapter 22: Practice Labs – Monitoring and Backing Up Azure Resources Chevron down icon Chevron up icon
Chapter 23: Mockup Test Questions and Answers Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Top Reviews
Rating distribution
Full star icon Full star icon Full star icon Full star icon Half star icon 4.6
(13 Ratings)
5 star 69.2%
4 star 23.1%
3 star 7.7%
2 star 0%
1 star 0%
Filter icon Filter
Top Reviews

Filter reviews by




dimitris Oct 22, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This is how all reference guides should look like. It covers everything with many screenshot of all the relevant parts.
Subscriber review Packt
Calvin Yousefian Mar 05, 2024
Full star icon Full star icon Full star icon Full star icon Full star icon 5
This book is hands down the ultimate resource for acing the AZ-104 exam. The materials are expertly curated for easy comprehension, making it a must-have for anyone preparing for the test.
Amazon Verified review Amazon
Tomica Kaniski Aug 08, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
In my opinion, this book covers all you will need to pass your AZ-104: Microsoft Azure Administrator exam, from theory to practical exercises, and contains even some mockup test questions/answers! With close to 800 pages of content, it may seem a lot, but... it's nicely structured and well-written... so, no objections there!
Amazon Verified review Amazon
Michael May 13, 2023
Full star icon Full star icon Full star icon Full star icon Full star icon 5
The subjects are developed clearly and the book has served as an excellent reference in helping to complete the Microsoft Azure online course.
Amazon Verified review Amazon
jkassak Aug 26, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
I haven't had a chance to read all of the book, but what I did read was good. There were plenty of references back to Microsoft docs for more details. The book has helpful diagrams. It goes into depths on the topics. Some of the chapters have practice labs, where were helpful. There is also a section at the end with practice test questions.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact [email protected] with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at [email protected] using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on [email protected] with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on [email protected] within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on [email protected] who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on [email protected] within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela