Deploying a custom Azure AD

To understand how Azure AD is deployed, you first need to understand that Azure AD is directly tied to your Azure subscription. The subscription's account administrator is therefore always the first service administrator of your Azure environment. There can be only one account administrator per Azure subscription, and that account administrator is the only one who can manage Azure AD and subscription connections. If you lose the administrator credentials or lose access to the administrator account, you can no longer manage your subscription.

You should therefore plan who will create your subscription and which account will be the account administrator. To create a subscription, the subscription administrator must have either a Microsoft account (formerly known as a Live ID) or an Azure AD account. The Azure AD account can be created, for example, through Office 365 before adding Azure agreements and subscription payments, or it can be an account created in AD DS and synchronized to Azure. What you should not do is use an employee's personal account as the account administrator and global Azure administrator: if anything changes with that employee, you could lose access to Azure AD. Instead, work with group accounts or service accounts so that a minimum of two people are able to access the subscription.
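The two rules above (at least two people with access, and no personal account in the administrator role) can be checked rather than only planned. The following is an added example, not code from this chapter: a Python check over records shaped like the members of a directory role as Microsoft Graph returns them (GET /directoryRoles/{id}/members); the records are constructed sample data and the function name audit_admin_role is the example's own.

```python
"""Audit the members of a tenant-wide admin role against two rules:
no personal/external account holds the role, and at least two active
tenant accounts hold it. Added example; sample data is constructed."""
from dataclasses import dataclass, field

# Constructed sample resembling Graph's directoryRole member objects.
SAMPLE_MEMBERS = [
    {"@odata.type": "#microsoft.graph.user",
     "userPrincipalName": "svc-azure-admin@contoso.onmicrosoft.com",
     "userType": "Member", "accountEnabled": True},
    {"@odata.type": "#microsoft.graph.user",
     "userPrincipalName": "jane_outlook.com#EXT#@contoso.onmicrosoft.com",
     "userType": "Guest", "accountEnabled": True},
    {"@odata.type": "#microsoft.graph.user",
     "userPrincipalName": "old-admin@contoso.onmicrosoft.com",
     "userType": "Member", "accountEnabled": False},
]


@dataclass
class AdminAudit:
    active_admins: list = field(default_factory=list)
    personal_accounts: list = field(default_factory=list)
    findings: list = field(default_factory=list)


def audit_admin_role(members, minimum=2):
    """Return which accounts really give the organisation access and why."""
    result = AdminAudit()
    for m in members:
        if m.get("@odata.type") != "#microsoft.graph.user":
            continue  # groups and service principals are audited elsewhere
        upn = m["userPrincipalName"]
        # A consumer Microsoft account invited into the tenant appears as a
        # Guest with '#EXT#' in its UPN: the personal-account anti-pattern.
        if m.get("userType") == "Guest" or "#EXT#" in upn:
            result.personal_accounts.append(upn)
            result.findings.append(f"personal/external account holds admin role: {upn}")
            continue
        if not m.get("accountEnabled", True):
            continue  # a disabled account gives nobody access
        result.active_admins.append(upn)
    if len(result.active_admins) < minimum:
        result.findings.append(
            f"only {len(result.active_admins)} active admin(s); at least {minimum} required")
    return result


if __name__ == "__main__":
    for line in audit_admin_role(SAMPLE_MEMBERS).findings:
        print("FINDING:", line)
```

Feed the function the member list of the Global Administrator role (or the Owner assignments at subscription scope, mapped to the same fields) to apply the same rules to a real tenant.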

Normally, an Azure AD is created when you create an Azure subscription or subscribe to a Microsoft cloud service such as Office 365. As an Azure account administrator, you can create a new Azure AD and associate your Azure subscription with that new Azure AD.

Let's begin by creating an Azure AD:

  1. First, log in to https://portal.azure.com/#create/Microsoft.AzureActiveDirectory.
Since January 2018, Microsoft has offered only one portal, https://manage.windowsazure.com, because the old deployment engine based on Microsoft Service Manager was discontinued. The modern portal, https://portal.microsoft.com, which is based on the Microsoft Resource Manager (ARM) engine, is the primary and preferred portal.
  2. With the new portal, creating an Azure AD becomes quite easy:
    • Select a display name
    • Select your tenant/Azure AD name
    • Select the country where you are legally based
    • Click on the Create button

Azure AD B2C is a cloud identity management solution for your consumer-facing web and mobile applications. You can find more information in the Azure documentation at https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview.

  3. The process takes about a minute, and at the end you are taken to your newly created tenant.
The regular way an Azure AD is created is a bit different. Normally, the Azure AD is created by your license or subscription seller, for example, COMPAREX, SoftwareONE, or Ingram Micro. They create the subscription for you when you order an Azure subscription, an online Enterprise Agreement (EA), or other Microsoft 365 services. EA customers are normally only allowed to have one Azure AD; if you need more than one Azure AD, you need to extend your EA with an additional contract. This contract allows you to use EA subscriptions in a multi-tenant environment.

To keep identity management consistent between Microsoft 365 services, Azure, and other identity services, you should use one tenant for all your users and only split production from the dev/test Azure AD, and so on.
