Challenge: Separate subscriptions for multiple disciplines under the same Azure Active Directory Tenancy.
Required: Each subscription must have the same role assignments.
Solution: Azure Blueprints to define a repeatable set of Azure resources.
Azure Blueprints provides:
- Role & Policy Assignments
- ARM templates
- Resource Groups
Getting Started with Azure Blueprints (PREVIEW)
Creating Blueprint Guide – Focused on Roles
Create a blueprint. If you're new, start with a sample predefined blueprint.
For this example I have selected Resource Groups with RBAC (Role-based Access Control).
Create blueprint > Enter Name, Description and Definition Location
Next : Artifacts
Click Save Draft
How to Publish Blueprint
Click Blueprints > Blueprint Definitions > Select the version to publish
Click Publish blueprint.
Enter version and change notes > Click Publish
This example shows how to assign a user or group a role to administer virtual machines in a resource group.
How-to steps:
Select “Resource Group” > IAM > Add > Select user or group and select a role > OK
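To check that every subscription really does carry the same role assignments (the requirement at the top of this post), the sketch below compares each subscription against a baseline and reports missing or extra assignments. It is an added example, not part of the original post; it assumes records shaped like the output of `az role assignment list --all --output json`, and every subscription ID, principal ID and resource group name in it is a constructed sample value.

```python
import re

# Strips the "/subscriptions/<id>" prefix so scopes compare across subscriptions.
_SUB_PREFIX = re.compile(r"^/subscriptions/[^/]+", re.IGNORECASE)

def normalise(assignments):
    """Reduce assignments to {(principalId, role, scope relative to the subscription)}."""
    result = set()
    for a in assignments:
        rel_scope = _SUB_PREFIX.sub("", a["scope"]).lower() or "/"
        result.add((a["principalId"].lower(), a["roleDefinitionName"], rel_scope))
    return result

def drift(baseline, others):
    """Return, per subscription, assignments missing from or extra to the baseline."""
    expected = normalise(baseline)
    report = {}
    for name, assignments in others.items():
        actual = normalise(assignments)
        if actual != expected:
            report[name] = {"missing": sorted(expected - actual),
                            "extra": sorted(actual - expected)}
    return report

def entry(sub, principal, role, rel_scope=""):
    """Build one constructed record with the three fields the check reads."""
    return {"principalId": principal, "roleDefinitionName": role,
            "scope": f"/subscriptions/{sub}{rel_scope}"}

# Constructed sample data (made-up IDs and names), not real tenant output.
BASELINE = [entry("sub-a", "aaaa-1111", "Virtual Machine Contributor", "/resourceGroups/rg-app"),
            entry("sub-a", "bbbb-2222", "AcrPush", "/resourceGroups/rg-registry")]
OTHERS = {
    "sub-b": [entry("sub-b", "aaaa-1111", "Virtual Machine Contributor", "/resourcegroups/rg-app"),
              entry("sub-b", "bbbb-2222", "AcrPush", "/resourceGroups/rg-registry")],
    # sub-c lost the VM role and gained a manually added Owner at subscription scope.
    "sub-c": [entry("sub-c", "bbbb-2222", "AcrPush", "/resourceGroups/rg-registry"),
              entry("sub-c", "cccc-3333", "Owner")],
}

if __name__ == "__main__":
    for sub, diff in drift(BASELINE, OTHERS).items():
        print(sub, "missing:", diff["missing"], "extra:", diff["extra"])
```

With real data, load each subscription's exported JSON with `json.load` and pass the resulting lists to `drift` in place of the sample records.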
Security and Authentication method – Content Trust
You need a container registry to start with.
Content trust in Azure Container Registry
“Azure Container Registry implements Docker’s content trust model, enabling pushing and pulling of signed images.”
AcrImageSigner (role used for signing permissions)
AcrPush (role used for ACR push)
For a list of built-in roles and descriptions see here
Container registry roles see here
Azure CLI command to assign the AcrImageSigner role:
az role assignment create --scope <registry ID> --role AcrImageSigner --assignee <user name>
Automating container image builds with ACR Tasks: one example use is automating the build cycle. How? “By executing az login with a service principal, your CI/CD solution could then issue az acr build commands to kick off image builds.”
Manage Resource Groups CLI
Azure CLI commands for managing resource groups are available here
The support desk will need the ability to reset users' passwords in your environment. There is a pre-configured role already available in Office 365. Follow these basic steps to assign the “Password Administrator” role to a user.
Open Azure Active Directory Admin Center > Select “Users” > Select a user > Click “Assigned Roles” > “Add Assignment” and select the “Password Administrator” role.