The following steps show how to Add the E5 Subscriptions in your 365 Developer Subscription. Follow steps to register for the developer subscription 1st
After the “Welcome to the Microsoft 365 Developer Program.”
Click Set up E5 Subscription
Follow the setup steps below:
Microsoft have a developer subscription option Microsoft 365 Developer Program FAQ | Microsoft Docs
“subscription is good for 90 days and is renewable based on valid developer activity. If you’re using your subscription for development, it will be renewed every 3 months and will last indefinitely.”
Set up a Microsoft 365 developer subscription | Microsoft Docs
Join the Microsoft 365 Developer Program | Microsoft Docs
Steps to setup – “Join the Microsoft 365 Developer Program today!”
Click : https://developer.microsoft.com/en-us/microsoft-365/dev-program
Joining the program and Create a new account (I Created a new email just for this developer work)
We then get presented with a Dashboard – Microsoft developer center and technical documentation
Time to Explore > click Microsoft 365 > Learn more > Join Now
Clicked “Join Now” and got a missing info prompt.
Join the Developer Program
Select an options
Now you are Setup. Continue to steps for adding E5 license
Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS
What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:
Requiring all users to register for Azure AD Multi-Factor Authentication.
Requiring administrators to perform multi-factor authentication.
Blocking legacy authentication protocols.
Requiring users to perform multi-factor authentication when necessary.
Protecting privileged activities like access to the Azure portal.
Azure Active Directory security defaults | Microsoft Docs
How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save
Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine
Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)
Maintain groups in Azure AD with dynamic groups and set expiration settings.
Example scenario : Controlling remote access to sub contractors working on a short term project. The project owner should remove all access for sub contractors after the project completes
How to guide :
If we combine Dynamic Groups and Expiration settings, we can automatically populate groups and then invoke regular check to maintain groups are still required. Group owners will be reminded regularly to verify groups are required. Owners will have a better understanding of who has access and this help assist with your security policies.
Dynamic Group Example
Steps: Azure Active Directory > New Group > Type : Office 365 > Name, Description, Dynamic User > Owner > Dynamic user Members
Group Name : Sub Contractors – Set the value for department equals “Sub Contractor”
Dynamic User Members – Add Experssion
(user.department -eq “Sub Contractor”)
Configure Group lifetime / Expiration Settings
Steps: Azure Active Directory > Groups > Expiration > Days > No Owner email > Selected > Group > Save
“Renewal notifications are emailed to group owners 30 days, 15 days, and one day prior to group expiration. Group owners must have Exchange licenses to receive notification emails. If a group is not renewed, it is deleted along with its associated content from sources such as Outlook, SharePoint, Teams, and PowerBI.” Info from the portal Expiration settings.
This feature looks to identify activity and assign a risk level. “Risk detection and remediation”
All features look to be available in Azure AD Premium P2 and restricted number of features in Azure Premium P1 and Basic/Free.
Key differences are the notifications options only in Azure AD Premium P2.
There are three default polices
- User Risk
- Sign-In Risk
Example of the Identity Protection Policies
Reference How To Guides :
- How To: Configure the Azure Multi-Factor Authentication registration policy
- How To: Configure and enable risk policies
- How To : Identity protection configure notifications
This example shows how to assign a user/group a role to admin virtual machines in a resource group.
How to steps..
Select “Resource Group” > IAM > Add > Select user or group and select a role – Ok
How to guide, in Azure register an application in AD and generate app password
In the Azure portal, browse to Azure Active Directory > App Registrations
Enter Application details and account types
Next Click > Certificates & Secrets > New client secret
Enter description and Expirey > Click Add
Make sure to copy the value. You can then sign in as the application with the App ID and value.
Problem : Azure Conditional Access + “New policy” is greyed out.
Reason : To use Azure Conditional Access Policies, you require “Azure AD Premium”
Solution : License and Setup Azure AD Premium. You are able to setup Azure AD Premium on a 30 Day trial before incurring additional costs
Activate using Free 30 day trial option shown below.
Jan 16, 2020
AZ-103: Microsoft Azure ADMINISTRATOR
#Azure #Administrator #CertifiedProfessional #MicrosoftAzure #MicrosoftCloud #Microsoft #alwaysbelearning #AZ103 #EXAM #PASSED