As an IT professional tasked with managing resources in Azure, it’s important to understand key administrative roles and permissions within a subscription and within a resource group. It’s also important to know how to leverage Role Based Access Control (RBAC) for managing such administrative roles and permissions.
In the first part of this course, you will learn about Azure subscriptions. You will learn about key roles within a subscription, including contributor, owner, reader, and user access administrator. You’ll also learn how to manage these roles by using RBAC. We’ll also cover subscription policies and the role they play in the management of an Azure subscription.
In the second part of the course, we’ll talk about resource groups in Azure. We’ll touch on what they do and how they are managed. You will learn how to secure resources within a resource group via resource policies and resource locks. You’ll also learn about resource tagging and how it can be used to manage and group Azure resources.
Rounding out this course, we’ll cover the process of moving resources from one resource group to another, as well as the deletion of resource groups altogether.
- Understand the owner role
- Understand the subscription administrator Role
- How to manage roles and permissions with RBAC
- Understand subscription policies
- Understanding the purpose of resource groups
- How to leverage resource group policies
- How to use resource locks to protect resources
- How to leverage resource tags
- Moving resources between resource groups
- Removing resource groups
- IT professionals interested in becoming Azure cloud architects
- IT professionals preparing for Microsoft’s Azure certification exams
- General knowledge of IT infrastructure
- General knowledge of the Azure environment
Hello and welcome back. In this brief demonstration here, what we're gonna do is walk through the process of adding or maybe changing an Azure subscription administrator. Now on the screen here, I'm logged into the Azure portal. I'm at my home page here, and I'm logged in as an administrator here.
What we're going to do is browse to Azure labs through either the recent resources that I've worked with which is a subscription here, or I can navigate to subscriptions under the navigate section here or I can browse to subscriptions through Azure services.
What I'll do here is browse to subscriptions. And then from here, I can see I only have one Azure subscription here and it's called Azure labs. So we'll go ahead and open up our subscription. And it takes us to the overview page.
To add or change subscription administrators for this subscription, what we're going to do is browse into access control. And before I do that, I just wanna make a quick note here. The Azure portal changes rather frequently or at least more frequently than I'd like it to. So don't focus as much attention on where you're clicking, the actual physical location, but more on what you're clicking. And in this case we want to use, I am or access control for the Azure lab subscription.
So if you try this in your own environment and this access control link is somewhere else in the list then that's fine. The idea is you wanna click access control. So that PSA out of the way, let's go ahead and get into access control here. And we can see from access control.
What we're going to do is add a subscription administrator. And to do that, we click add here, and then we have a couple options. Role assignment, the co-administrator which is what we're going to do here or we're going to add a custom role.
So to add our administrator, which is essentially a co-administrator, we select the co-administrator option and then from here, we can select the user we want to make a co-administrator. So for this demonstration here, we'll select John Gold and we'll make him a co-administrator of this Azure labs subscription. And if we select role assignments here we can see that our new co-administrator and even administrators for that matter are not shown. That's because these permissions are not role assignments. They're actually permissions over the subscription for actual administrators.
Now to remove that co-administrator, we can actually go into classic administrators. And that's because this is more of a classic role. If we select classic administrators, we can see that John Gold is listed as a co-admin. And this is the important piece here. We can see that classic administrators are only needed if you're still using Azure classic deployments.
If you're not using Azure classic deployments you wouldn't be assigning co-admin roles within your subscription. But I wanted to just show you what that was because if you happen to go into, I am, you'll see that option here. So I wanted to at least let you know what this is and how you use it.
So what we're going to do here is we're going to remove John Gold as a classic administrator. And there we now have our classic co-administrator access removed for John Gold. Then from here, we'll bounce back to the role assignments.
And from here, this is where you would want to grant the permissions to the subscription as you see fit. So with that, let's call it a wrap and I'll see you in the next lesson.
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.