Lab
Cloud Vendor: Microsoft Azure
Proficiency Level: Cloud Enthusiast
Tags: Azure Storage, Storage Blob, Web Server

Summary

In this lab, you will explore the built-in Role-Based Access Control (RBAC) capabilities in Microsoft Azure. You will create new users in Azure Active Directory (AAD) and place them in a user group. After that, you will assign different roles to the group and enable various levels of access to resources in Microsoft Azure.

Each exercise below builds upon the previous one. You should start each new exercise from the last step of the previous exercise unless it is explicitly written otherwise.

Learning Objectives

After completion of this lab, you will be able to:

  • Create users in Azure Active Directory (AAD)
  • Create user groups in Azure Active Directory (AAD) and add members to them
  • Assign roles to groups
  • Assign roles to individual users

Prerequisites

To complete this lab, you will need the following:

  • Reliable internet connection
  • A work, school or personal Microsoft Account used to access Microsoft Azure Management Portal
  • A subscription for Microsoft Azure

Exercise #1: Creating Users in Azure Active Directory (AAD)

In this exercise, you will create new users in Azure Active Directory (AAD).

Steps

  1. Sign in to the Microsoft Azure Management Portal at http://portal.azure.com using your Microsoft Account
  2. Click on the button in the left-hand navigation
  3. Click on the button in the Azure Active Directory (AAD) blade
  4. Click on the button on the top of the All users blade
  5. In the New user blade, fill in the following in the form:
    Username → test_user01
    Name → Test User 01
  6. Select the Show Password checkbox to show the password
  7. Copy the password for later use
  8. Click on the button
  9. Repeat steps 4 through 8 to create a second user with the following information:
    Username → test_user02
    Name → Test User 02
  10.  Milestone step:  At this point, you have learned how to create new users in Azure Active Directory (AAD)

Exercise #2: Creating Groups in Azure Active Directory (AAD)

In this exercise, you will create a new security group in Azure Active Directory (AAD).

Steps

  1. Sign in to the Microsoft Azure Management Portal at http://portal.azure.com using your Microsoft Account
  2. Click on the button in the left-hand navigation
  3. Click on the button in the Azure Active Directory (AAD) blade
  4. Click on the button on the top of the All groups blade
  5. In the New group blade, fill in the following in the form:
    Group type → Security
    Group name → TestGroup
  6. Click on the Owners row
  7. Find your user and click on it
  8. Click on the button
  9. Click on the Members row
  10. Find Test User 01 and click on it
  11. Repeat step 10 for Test User 02
  12. Click on the button
  13.  Milestone step:  At this point, you have learned how to add owner and members to a new Azure Active Directory (AAD) security group
  14. Click on the button to create the group
  15.  Milestone step:  At this point, you have learned how to create a group in Azure Active Directory (AAD)

Exercise #3: Assign Roles to the Security Group

In this exercise, you will create two new resource groups and assign different roles to the security group for each one of the resource groups.

Steps

  1. Sign in to the Microsoft Azure Management Portal at http://portal.azure.com using your Microsoft Account
  2. Click on in the upper left corner right under the logo
  3. In the search box search for Resource group and press Enter
  4. Click on the button
  5. On the Basics tab, fill in the following information:
    Resource group → read-only-rg
    Region → West US 2
  6. Click on the button
  7. On the Tags tab, add the following tags:
    Role → rbac-test
    Lab → securitylab01
    Owner → <your name>
    OwnerEmail → <your email>
  8. Click on the button
  9. Review the summary and click on the button
  10. Wait until the resource group is created
  11. Repeat steps 2 through 10 to create a second resource group with the name read-write-rg
  12. Click on the button in the left-hand navigation
  13. Find the read-only-rg resource group from the list and click on it
  14. Click on the   button in the Resource group blade
  15. Click on the button on top of the blade and select Add role assignment
  16. In the Add role assignment blade, select Reader for the Role
  17. Find TestGroup and click on it
  18. Click on the button to save your changes
  19. Click on the tab to verify your changes
  20.  Milestone step:  At this point, you have learned how to assign a Reader role to a resource in Microsoft Azure
  21. Click on the button in the left-hand navigation
  22. Find the read-write-rg resource group from the list and click on it
  23. Click on the   button in the Resource group blade
  24. Click on the button on top of the blade and select Add role assignment
  25. In the Add role assignment blade, select Contributor for the Role
  26. Find TestGroup and click on it
  27. Click on the button to save your changes
  28. Click on the tab to verify your changes
  29.  Milestone step:  At this point, you have learned how to assign a Contributor role to a resource in Microsoft Azure

Exercise #4: Test the Access to the Resource Groups

In this exercise, you will test the access to the resource groups you created.

Steps

  1. Sign in to the Microsoft Azure Management Portal at http://portal.azure.com using the test_user01 user account
    Note: You will need to set up a new password if this is the first time you are signing in with this user.
  2. Click on the button in the left-hand navigation
  3.  Milestone step:  Note that the test_user01 user account is able to see only the following two resource groups: read-only-rg and read-write-rg
  4. Click on in the upper left corner right under the logo
  5. In the search box search for Storage account and press Enter
  6. Click on the button
  7. On the Basics tab, in the Project Details section, select the following for the resource group:
    Resource group → read-only-rg
  8.  Milestone step:  Note the error message under the Resource group field. You don’t have Write permissions to the resource group and cannot create resources in it
  9. On the Basics tab, in the Project Details section, change the selection for the resource group to:
    Resource group → read-write-rg
  10.  Milestone step:  Note the error message under the Resource group field disappeared. You have Write permissions to the resource group and can create resources in it
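
The behaviour observed in Exercise #4 follows from how Azure RBAC evaluates a role's Actions and NotActions against the scope of each assignment. The sketch below is an added example, not part of the original lab: it models that evaluation offline for the lab's TestGroup assignments. The subscription ID is a constructed placeholder, the Contributor NotActions list is abridged, and deny assignments are not modeled.

```python
from fnmatch import fnmatchcase

# Abridged built-in role definitions (Contributor has more NotActions in Azure).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder
RG = SUB + "/resourceGroups/"

# State of the lab after Exercise #3: group membership and role assignments.
GROUPS = {"TestGroup": {"test_user01", "test_user02"}}
ASSIGNMENTS = [
    {"principal": "TestGroup", "role": "Reader", "scope": RG + "read-only-rg"},
    {"principal": "TestGroup", "role": "Contributor", "scope": RG + "read-write-rg"},
]

def matches(patterns, action):
    # Action strings are compared case-insensitively and support '*' wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def in_scope(assignment_scope, target):
    # An assignment applies to its own scope and to everything beneath it.
    a, t = assignment_scope.lower().rstrip("/"), target.lower().rstrip("/")
    return t == a or t.startswith(a + "/")

def is_allowed(user, action, target_scope):
    """True if any assignment reaching the user grants the action at the scope."""
    for a in ASSIGNMENTS:
        member = a["principal"] == user or user in GROUPS.get(a["principal"], set())
        if not member or not in_scope(a["scope"], target_scope):
            continue
        role = ROLES[a["role"]]
        if matches(role["actions"], action) and not matches(role["not_actions"], action):
            return True
    return False

def visible_resource_groups(user):
    # Resource groups the user can list, as in the Exercise #4 milestone.
    read = "Microsoft.Resources/subscriptions/resourceGroups/read"
    return sorted(a["scope"].rsplit("/", 1)[1] for a in ASSIGNMENTS
                  if is_allowed(user, read, a["scope"]))
```

The same model shows a point the portal steps do not: Contributor on read-write-rg still cannot write role assignments, because `Microsoft.Authorization/*/Write` is in its NotActions, so members of TestGroup cannot grant themselves or others further access.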

Last Update: October 23, 2019  

October 23, 2019   145   Toddy Mladenov    Security And Compliance    