If you are getting started working with Azure you might come across a few key terms that it's important to have a good understanding of. In this post I'm going to cover what I think are four of the key ones. Tenant A Tenant, as it relates to Azure, refers to a single instance of … Continue reading Understanding Tenants, Subscriptions, Regions and Geographies in Azure
If you've ever worked in any form of systems administrator role then you will be familiar with process automation, even if only for simple tasks like automating backups. You will also be familiar with the pain of configuring and managing identities for these automated processes (expired password or disabled/deleted account ever caused you any pain?!) While … Continue reading Azure Automation Runbooks with Azure AD Service Principals and Custom RBAC Roles
The introduction of the Azure Resource Manager platform in Azure continues to expose new possibilities for managing your deployed resources.
One scenario that you may not be aware of is the ability to use scoped RBAC role assignments to grant limited rights to Azure AD-based users and groups.
We know Azure provides us with many built-in RBAC roles, but it may not be immediately obvious that you can control their assignment scope.
What do I mean by this?
Simply that each RBAC role (including custom ones you create) can be used at various levels within Azure starting at the Subscription level (i.e. applies to anything in the Subscription) down to a Resource (i.e. applies just to one particular resource such as a Storage Account). Role assignments are also cascading – if I assign “Owner” rights to a User or Group at the Subscription level then they have that role…
I've been working on some engagements recently where we've been reviewing the current state of security capabilities in Azure, and with the recent General Availability of RBAC support in Azure I thought I'd write a quick overview on Kloud's blog of how you can move from the traditional Administrator / Co-Administrator setup to leveraging RBAC.