Role-Based Access Control for Azure (CDP-B213)

Slide deck by Dushyant Gill (Microsoft), uploaded to this site on 2018-10-31 by lois-ondreau.
Presentation Transcript

Role-Based Access Control for Azure
CDP-B213

Dushyant Gill

Question: Do you consider finer-grained access management for Azure a critical requirement?

Question: Have you used the Azure preview portal?

Question: Do you know what Azure Active Directory is?

Adoption of IaaS/PaaS in Organizations

(Diagram: Azure subscriptions created ad hoc and owned by consumer accounts, beside the identities IT actually manages in Active Directory.)

Subscription owners today: Owner = ellen@outlook.com, Owner = aaron@hotmail.com, Owner = xyz@yahoo.com, Owner = xyz@gmail.com

IT-managed identities (Active Directory): ellen@company.com, aaron@company.com; external collaborators: partner@yahoo.com, prospectivecustomer@live.com

Access to Azure and the rest of the cloud: Powered by Azure AD

(Diagram: the consumer-account owners from the previous slide are replaced by directory identities, with Azure Active Directory in the middle.)

Owner = ellen@company.com (was ellen@outlook.com); Owner = aaron@company.com (was aaron@hotmail.com); external users joe@partner.com and prospectivecustomer@live.com

Roles and Role Assignments

Azure Active Directory: Users & Groups, synced from the IT-managed identities in on-premises Active Directory (ellen@company.com, aaron@company.com)

Azure AD fronts: 2000+ pre-integrated SaaS apps, Microsoft Online Services, Microsoft Azure IaaS/PaaS, company in-house developed cloud apps

Demo: Azure RBAC in action

Dushyant Gill

Azure RBAC: First Preview Release

3 built-in roles (Owner, Contributor and Reader) available for assignment to Users, Groups and Services on Azure scopes: Subscription, Resource Group and Resources.

Access management using the Azure preview portal, command-line tools and the REST API for bulk operations.

In the new RBAC model the existing subscription administrators and co-admins become 'Owners' of the subscription.

Roles and Role Assignments

A role is a collection of actions.

Role Assignment = Role + Subject + Scope
Subject = Users or Groups or Service Identity
Scope = Directory or Subscription or Resource Group or Resource

Role            | Actions                                     | Not Actions
----------------|---------------------------------------------|---------------------------
Owner           | *                                           |
Contributor     | *                                           | Microsoft.Authorization/*
Reader          | */Read                                      |
SQL Contributor | Microsoft.SQL/*                             | Microsoft.Authorization/*
Tier 1 Operator | */Read + Microsoft.Compute/VirtualMachine/* |

Access Inheritance and Resource Hierarchy

(Diagram: one subscription (S) containing resource groups (RG), each containing resources (R), with role assignments attached at three different levels.)

Role Assignment: Role = 'Reader', Subject = AAD Group, Scope = Subscription
Role Assignment: Role = 'Owner', Subject = AAD User, Scope = Resource
Role Assignment: Role = 'Contributor', Subject = AAD User, Scope = Resource Group

Access Inheritance: an assignment at a scope applies to every child scope beneath it. The Reader group can read every resource group and resource in the subscription, the Contributor user can manage everything inside that one resource group, and the Owner user controls only the single resource; nothing flows upward from a resource to its resource group or subscription.
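The evaluation the two slides above describe (a role grants the actions matched by its Actions patterns minus those matched by its NotActions, an assignment binds role, subject and scope, and assignments are inherited down the subscription / resource group / resource hierarchy) as a runnable model. This is an added example written for this page, not Microsoft's implementation or SDK: the subscription id, resource names and the group identifier are constructed, and the action strings use the `Microsoft.Compute/virtualMachines/*` spelling where the slide writes `Microsoft.Compute\VirtualMachine\*`.

```python
"""Toy model of Azure RBAC evaluation (added example, not Microsoft code).

A role grants every action matched by one of its Actions patterns unless the
action is also matched by one of its NotActions patterns.  An assignment binds
a role to a subject (user, group or service identity) at a scope and applies
to that scope and everything beneath it.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Role:
    name: str
    actions: tuple
    not_actions: tuple = ()

    def permits(self, action: str) -> bool:
        # Azure action strings are case-insensitive and '*' spans '/' segments,
        # which is exactly how fnmatch's '*' behaves.
        a = action.lower()
        granted = any(fnmatchcase(a, p.lower()) for p in self.actions)
        excluded = any(fnmatchcase(a, p.lower()) for p in self.not_actions)
        return granted and not excluded


@dataclass(frozen=True)
class Assignment:
    role: Role
    subject: str   # user UPN, group id or service identity (constructed ids)
    scope: str     # '/' for the directory, otherwise an ARM resource id prefix


def scope_covers(assignment_scope: str, target: str) -> bool:
    """True when `target` is the assignment scope itself or lies beneath it."""
    a = assignment_scope.rstrip("/").lower()
    t = target.rstrip("/").lower()
    return t == a or t.startswith(a + "/")


def find_grant(assignments, principal, groups, action, scope):
    """Return the first assignment that lets `principal` (or one of its
    `groups`) perform `action` at `scope`, or None.  NotActions only carve
    holes in the role that lists them; they never block another assignment."""
    subjects = {principal, *groups}
    for asg in assignments:
        if (asg.subject in subjects
                and scope_covers(asg.scope, scope)
                and asg.role.permits(action)):
            return asg
    return None


def has_access(assignments, principal, groups, action, scope) -> bool:
    return find_grant(assignments, principal, groups, action, scope) is not None


# Built-in and custom roles as the roles slide lists them.
OWNER = Role("Owner", ("*",))
CONTRIBUTOR = Role("Contributor", ("*",), ("Microsoft.Authorization/*",))
READER = Role("Reader", ("*/read",))
SQL_CONTRIBUTOR = Role("SQL Contributor", ("Microsoft.Sql/*",), ("Microsoft.Authorization/*",))
TIER1_OPERATOR = Role("Tier 1 Operator", ("*/read", "Microsoft.Compute/virtualMachines/*"))

# Constructed hierarchy: subscription > resource group > resource.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
RG = SUB + "/resourceGroups/web"
VM = RG + "/providers/Microsoft.Compute/virtualMachines/web01"

# The three assignments from the inheritance slide (constructed subject ids).
ELLENS_TEAM = "group:ellens-team"
ASSIGNMENTS = (
    Assignment(READER, ELLENS_TEAM, SUB),              # AAD group, subscription
    Assignment(CONTRIBUTOR, "ellen@company.com", RG),  # AAD user, resource group
    Assignment(OWNER, "aaron@company.com", VM),        # AAD user, single resource
)

if __name__ == "__main__":
    checks = [
        ("joe@partner.com", {ELLENS_TEAM}, "Microsoft.Compute/virtualMachines/read", VM),
        ("joe@partner.com", {ELLENS_TEAM}, "Microsoft.Compute/virtualMachines/start/action", VM),
        ("ellen@company.com", set(), "Microsoft.Compute/virtualMachines/write", VM),
        ("ellen@company.com", set(), "Microsoft.Authorization/roleAssignments/write", RG),
        ("aaron@company.com", set(), "Microsoft.Authorization/roleAssignments/write", VM),
        ("aaron@company.com", set(), "Microsoft.Authorization/roleAssignments/write", RG),
    ]
    for who, groups, action, scope in checks:
        grant = find_grant(ASSIGNMENTS, who, groups, action, scope)
        print(f"{who:20} {action:48} -> {grant.role.name if grant else 'DENIED'}")
```

Two things worth noticing in the checks: Ellen's Contributor assignment at the resource group lets her write the VM but not `Microsoft.Authorization/roleAssignments/write`, because NotActions subtracts it from that role; and Aaron's Owner assignment on the VM does not let him write role assignments on the parent resource group, because inheritance only flows downward. NotActions is not a deny: if Ellen also held Owner anywhere above the VM, that second assignment would grant the write.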

Azure AD Authorization Platform

(Diagram of the authorization flow.)

Azure Active Directory holds Users and Groups (synced from on-premises Active Directory) together with the Roles and Role Assignments; these are synced to the closest geo location.

Azure Preview Portal & APIs (Azure Resource Manager) receive a token with group membership claims and perform the Access Check through an SDK against the replicated Roles and Role Assignments.

Reason over Policy and Audit: Policy, Audit.

Demo: Access Management

Dushyant Gill

RBAC & Azure Resource Manager

(Diagram: Azure Resource Manager sits on top of Azure Active Directory; Roles & Role Assignments are served by the RBAC resource provider (RBAC RP) and Azure Events by the Events resource provider (Events RP).)

Demo: Access Change History - RBAC and Events RP

Dushyant Gill
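What the access-change-history demo rests on is that the RBAC resource provider emits an event for every role-assignment write and delete, so replaying those events in time order reconstructs who held what, when, and who granted it. The code below is an added example for this page, not Microsoft's Events RP or any Azure SDK: the event records are constructed and simplified (a real Azure Resource Manager event carries more fields and a different layout), the subscription id and principals are made up, and only the `Microsoft.Authorization/roleAssignments/write|delete` operation names are real.

```python
"""Replay constructed RBAC change events and flag what a reviewer should see.
Added example, not Microsoft code; event shape is simplified and constructed."""
from datetime import datetime, timezone

ROLE_ASSIGNMENT_WRITE = "Microsoft.Authorization/roleAssignments/write"
ROLE_ASSIGNMENT_DELETE = "Microsoft.Authorization/roleAssignments/delete"

SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"   # constructed
RG = SUB + "/resourceGroups/web"

# Constructed events: a grant at a resource group, an Owner grant at the whole
# subscription, a refused self-grant, and a removal of the first grant.
EVENTS = [
    {"time": "2014-10-27T09:12:00Z", "operation": ROLE_ASSIGNMENT_WRITE, "status": "Succeeded",
     "caller": "ellen@company.com", "assignmentId": "ra-1",
     "role": "Contributor", "principal": "joe@partner.com", "scope": RG},
    {"time": "2014-10-27T09:40:00Z", "operation": ROLE_ASSIGNMENT_WRITE, "status": "Succeeded",
     "caller": "aaron@company.com", "assignmentId": "ra-2",
     "role": "Owner", "principal": "svc-deploy", "scope": SUB},
    {"time": "2014-10-27T10:05:00Z", "operation": ROLE_ASSIGNMENT_WRITE, "status": "Failed",
     "caller": "joe@partner.com", "assignmentId": "ra-3",
     "role": "Owner", "principal": "joe@partner.com", "scope": RG},
    {"time": "2014-10-27T11:30:00Z", "operation": ROLE_ASSIGNMENT_DELETE, "status": "Succeeded",
     "caller": "ellen@company.com", "assignmentId": "ra-1"},
]


def _ts(stamp: str) -> datetime:
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def replay(events, until=None):
    """Live assignments (by id) after applying the successful writes and
    deletes in time order, optionally only those up to `until` (ISO-8601 Z)."""
    cutoff = _ts(until) if until else None
    live = {}
    for ev in sorted(events, key=lambda e: _ts(e["time"])):
        if cutoff is not None and _ts(ev["time"]) > cutoff:
            break
        if ev["status"] != "Succeeded":
            continue            # a refused request changes nothing
        if ev["operation"] == ROLE_ASSIGNMENT_WRITE:
            live[ev["assignmentId"]] = {k: ev[k] for k in ("role", "principal", "scope", "caller", "time")}
        elif ev["operation"] == ROLE_ASSIGNMENT_DELETE:
            live.pop(ev["assignmentId"], None)
    return live


def is_subscription_scope(scope: str) -> bool:
    parts = scope.strip("/").split("/")
    return len(parts) == 2 and parts[0].lower() == "subscriptions"


def review(events, privileged=("Owner", "Contributor")):
    """Findings from the change history: privileged roles granted at
    subscription scope, and failed assignment writes (someone tried to
    change access and was refused).  Returns (assignmentId, reason) pairs."""
    findings = []
    for ev in sorted(events, key=lambda e: _ts(e["time"])):
        if ev["operation"] != ROLE_ASSIGNMENT_WRITE:
            continue
        if ev["status"] != "Succeeded":
            findings.append((ev["assignmentId"], "failed write by " + ev["caller"]))
        elif ev["role"] in privileged and is_subscription_scope(ev["scope"]):
            findings.append((ev["assignmentId"],
                             f"{ev['role']} at subscription scope granted by {ev['caller']} to {ev['principal']}"))
    return findings


if __name__ == "__main__":
    for rid, a in replay(EVENTS).items():
        print(f"{rid}: {a['role']} for {a['principal']} at {a['scope']} (by {a['caller']}, {a['time']})")
    for rid, reason in review(EVENTS):
        print(f"FLAG {rid}: {reason}")
```

The `until` parameter answers the question the demo poses, "who had access at that point in time", and the failed-write finding is the one worth alerting on: a principal without `Microsoft.Authorization/*` rights trying to assign itself Owner is exactly the kind of attempt the Events RP makes visible.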

Integrate your app's access with AAD groups

Using AAD Groups Directly

1. Ellen (Resource Owner) grants access to an AAD group 'Ellen's Team'. The app renders a "people picker" using the AAD Graph API and persists the group objectId in its "permissions table".

2. Joe (member of 'Ellen's Team') accesses the resource. The token contains a groups claim; the app checks access by comparing the groups claim values with the persisted objectIds.

3. Sam (member of 'Ellen's Team') accesses the resource. The token contains an overage claim; the app queries the AAD Graph API for the user's groups and checks access by comparing them with the persisted objectIds.

Using AAD App Roles

1. App Developer publishes App Roles in AAD: App Roles = "Publisher", "Subscriber".

2. Customer Admin assigns App Roles to Users, Groups and Client Applications: Kim -> "Publisher", Ellen's Team -> "Subscriber".

3. Kim accesses the resource. The token contains a roles claim (roles="Publisher"); the app checks access using "IsInRole".
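Both integration patterns from the slide as application-side code, including the overage case in step 3 of the groups pattern: when a user belongs to more groups than fit in the token, Azure AD omits the `groups` claim and instead sets `_claim_names["groups"]` to a key in `_claim_sources` whose `endpoint` the app must query. This is an added example for this page, not Microsoft sample code or the slide's demo: the tenant name, group objectIds, user oids and tokens are constructed, the Graph lookup is a dictionary standing in for the `getMemberObjects` call so the code runs offline, and token signature, issuer and audience validation are assumed to have happened before these checks run.

```python
"""App-side authorization from Azure AD token claims (added example, not
Microsoft code).  Tokens here are plain dicts of already-validated claims."""

# Constructed identifiers, not real tenant or group objectIds.
TENANT = "contoso.onmicrosoft.com"
ELLENS_TEAM_OID = "6f5c2b1a-3d4e-4f50-9a8b-7c6d5e4f3a2b"
SOME_OTHER_GROUP = "0a1b2c3d-4e5f-4061-8273-8495a6b7c8d9"
SAM_MEMBER_OBJECTS_URL = f"https://graph.windows.net/{TENANT}/users/sam-oid/getMemberObjects"

# Step 1: Ellen picked 'Ellen's Team' in the people picker and the app stored
# the group's objectId.  Store ids, never display names: names are mutable and
# not unique, so matching on them lets a look-alike group inherit access.
PERMISSIONS_TABLE = {
    "report:q3-forecast": {ELLENS_TEAM_OID},
}

# Stand-in for the AAD Graph getMemberObjects call, keyed by endpoint URL.
# Real code would POST to that endpoint with an app token.
FAKE_GRAPH = {
    SAM_MEMBER_OBJECTS_URL: [ELLENS_TEAM_OID, SOME_OTHER_GROUP],
}


def user_groups(token, fetch_member_objects=FAKE_GRAPH.get):
    """Group objectIds for the token's subject.

    Normal case: the token carries a 'groups' claim.  Overage case: the
    'groups' claim is absent and _claim_names/_claim_sources point at the Graph
    endpoint the app must query (step 3 on the slide)."""
    if "groups" in token:
        return set(token["groups"])
    source_key = token.get("_claim_names", {}).get("groups")
    if source_key:
        endpoint = token["_claim_sources"][source_key]["endpoint"]
        return set(fetch_member_objects(endpoint) or [])
    return set()


def can_access_by_group(token, resource, permissions=PERMISSIONS_TABLE,
                        fetch_member_objects=FAKE_GRAPH.get):
    """Steps 2 and 3: allow when any of the caller's groups is in the table."""
    allowed = permissions.get(resource, set())
    return bool(allowed & user_groups(token, fetch_member_objects))


def is_in_role(token, role):
    """App-roles pattern: 'roles' lists the app roles assigned to the caller
    directly or through a group, so the check is plain membership."""
    return role in token.get("roles", [])


# Constructed tokens for the callers on the slide plus one outsider.
JOE_TOKEN = {"oid": "joe-oid", "upn": "joe@partner.com", "groups": [ELLENS_TEAM_OID]}
SAM_TOKEN = {  # overage: no 'groups' claim, pointer to Graph instead
    "oid": "sam-oid", "upn": "sam@company.com",
    "_claim_names": {"groups": "src1"},
    "_claim_sources": {"src1": {"endpoint": SAM_MEMBER_OBJECTS_URL}},
}
KIM_TOKEN = {"oid": "kim-oid", "upn": "kim@company.com", "roles": ["Publisher"]}
OUTSIDER_TOKEN = {"oid": "x-oid", "upn": "x@company.com", "groups": [SOME_OTHER_GROUP]}

if __name__ == "__main__":
    for name, tok in (("Joe", JOE_TOKEN), ("Sam", SAM_TOKEN), ("Outsider", OUTSIDER_TOKEN)):
        print(f"{name}: report access = {can_access_by_group(tok, 'report:q3-forecast')}")
    print(f"Kim is Publisher = {is_in_role(KIM_TOKEN, 'Publisher')}, "
          f"Subscriber = {is_in_role(KIM_TOKEN, 'Subscriber')}")
```

The practical difference between the two patterns is where the group-to-permission mapping lives: with direct groups the app owns a permissions table and must handle overage itself; with app roles the customer admin does the mapping in the directory and the app only ever sees a short `roles` list, so there is no overage case to handle.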

What’s ahead

Custom Roles

Access Change History

Reporting over Policy and Audit

Just-in Time Access

Conditional Access

Resource tag based Access Control

User attribute based Access Control

Available to 3rd Party Applications

Separation of Duties

Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area, TechExpo Hall 7

For more information

Windows Server: Windows Server Technical Preview, http://technet.microsoft.com/library/dn765472.aspx

Microsoft Azure: http://azure.microsoft.com/en-us/

System Center: System Center Technical Preview, http://technet.microsoft.com/en-us/library/hh546785.aspx

Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Resources

Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning

Developer Network: http://developer.microsoft.com

TechNet: Resources for IT Professionals, http://microsoft.com/technet

Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Azure training and certification

Classroom training:
MOC 10979 Microsoft Azure Fundamentals
MOC 20532 Developing Microsoft Azure Solutions
MOC 20533 Implementing Microsoft Azure Infrastructure Solutions
Architecting Microsoft Azure Solutions (Coming soon)

Exams:
Exam 532 Developing Microsoft Azure Solutions
Exam 533 Implementing Microsoft Azure Infrastructure Solutions
Exam 534 Architecting Microsoft Azure Solutions (Coming soon)

Online training (MVA):
Microsoft Azure Fundamentals
Architecting Microsoft Azure Solutions (Coming soon)

http://bit.ly/Azure-Cert
http://bit.ly/Azure-MVA
http://bit.ly/Azure-Train

Get certified for 1/2 the price at TechEd Europe 2014! http://bit.ly/TechEd-CertDeal

Please Complete An Evaluation Form. Your input is important!

TechEd Schedule Builder: CommNet station or PC. TechEd Mobile app: Phone or Tablet. QR code.

Evaluate this session

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.