Azure Management Group Create through Azure Portal and PowerCli

Azure management groups provide a way for an organization to control and manage access, compliance, and policies for their subscription within their tenant. These containers provide scope above subscriptions, allowing a level of inheritance applied to that management group or any parent group.

How to Create Management Group in Azure

Note: You can create a management group using Azure PowerShell, the CLI or the Azure Portal, but you can't create one using JSON or a Resource Group template.

Login to Azure Portal -> Search for Management groups

Click Management group

Click Start using Management Groups

Enter Management Group Name and Management ID -> Submit

Note -> The Management Group Name can be changed any time after creation, but the Management ID can't be changed.

It takes 1-2 minutes for the Management Group to be created.

PowerShell script to create a Management Group:

Launch PowerShell from the Azure console

Enter the command below

New-AzManagementGroup -GroupId "1234" -DisplayName "MGMTGP"

Run below command to check Management Group list
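The create-and-check steps above as one script, extended with a review of who holds roles at the new scope, since anything assigned on a management group is inherited by every subscription under it. This is an added example, not part of the original post; it assumes the Az.Resources module and a session already signed in with Connect-AzAccount.

```powershell
# Added example. The group ID and display name are the ones used in the post.
$groupId     = '1234'
$displayName = 'MGMTGP'

# Create the group only if it does not exist yet. The ID cannot be changed
# after creation, so check before creating instead of recreating.
$existing = Get-AzManagementGroup -ErrorAction Stop |
    Where-Object { $_.Name -eq $groupId }
if (-not $existing) {
    New-AzManagementGroup -GroupId $groupId -DisplayName $displayName | Out-Null
}

# Check the management group list. Name holds the permanent ID,
# DisplayName is the label that can be changed later.
Get-AzManagementGroup |
    Select-Object Name, DisplayName, Id |
    Format-Table -AutoSize

# List the role assignments made directly on this management group.
# Get-AzRoleAssignment also returns assignments inherited from parent scopes,
# so keep only the ones whose Scope is this group.
$scope = "/providers/Microsoft.Management/managementGroups/$groupId"
Get-AzRoleAssignment -Scope $scope |
    Where-Object { $_.Scope -eq $scope } |
    Sort-Object RoleDefinitionName, DisplayName |
    Select-Object DisplayName, SignInName, ObjectType, RoleDefinitionName |
    Format-Table -AutoSize
```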



AzureAD B2B Guest Account Invite to Share Company Applications and Services

Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature within External Identities that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with guest users from any other organization.

How to invite a guest account to use Azure resources.

Login to Azure portal

Click AzureAD -> New Guest user

Click Invite User

Enter User Name

Email address

First Name

Last name

Select group

User location

Sign-in setting

Click Invite

Now log in to the guest mailbox

Accept Invitation

Once you sign in, you will be able to access all the Azure resources that you are allowed to use.
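The same invitation sent from PowerShell, followed by a review of guest accounts whose invitation was never accepted. This is an added example, not part of the original post; it assumes the AzureAD module and an active Connect-AzureAD session, and the e-mail address, display name and 14-day threshold are placeholders.

```powershell
# Added example. Placeholder values, replace with your own.
$guestMail      = 'guest@example.com'
$maxPendingDays = 14

# Same action as "Click Invite" in the portal.
New-AzureADMSInvitation -InvitedUserDisplayName 'Example Guest' `
    -InvitedUserEmailAddress $guestMail `
    -InviteRedirectUrl 'https://myapps.microsoft.com' `
    -SendInvitationMessage $true | Out-Null

# Review every guest account and flag invitations still pending after the threshold.
$now    = Get-Date
$guests = Get-AzureADUser -All $true -Filter "userType eq 'Guest'"

$report = foreach ($g in $guests) {
    # UserStateChangedOn is returned as a string and may be empty on old accounts.
    $changed = if ($g.UserStateChangedOn) { [datetime]$g.UserStateChangedOn } else { $null }
    $stale   = $g.UserState -eq 'PendingAcceptance' -and $changed -and
               ($now - $changed).TotalDays -gt $maxPendingDays
    [pscustomobject]@{
        DisplayName    = $g.DisplayName
        Mail           = $g.Mail
        UserState      = $g.UserState
        StateChangedOn = $changed
        AccountEnabled = $g.AccountEnabled
        Stale          = [bool]$stale
    }
}

# Full guest inventory, then only the invitations that need follow-up or removal.
$report | Sort-Object UserState, StateChangedOn | Format-Table -AutoSize
$report | Where-Object Stale | Select-Object DisplayName, Mail, StateChangedOn
```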


Azure AD Connect Health

Azure Active Directory (Azure AD) Connect Health provides robust monitoring of your on-premises identity infrastructure. It enables you to maintain a reliable connection to Microsoft 365 and Microsoft Online Services. This reliability is achieved by providing monitoring capabilities for your key identity components. 

You can enable email notifications to track alerts instead of logging in to the Azure portal every time.

Azure AD Connect Health monitors and raises alerts for the objects below.

Duplicate Attribute

Data Mismatch

Data Validation failure

Large Attribute

Federated Domain Controller

Existing Admin role and other

How to Enable email notification for Azure AD Health Monitoring

Login to Azure Portal -> Click AzureAD.

Click AzureAD Connect

Click Health and Analytics

Click Sync error

Click Notification Settings

You can enable email notifications so that there is no need to log in to the Azure portal to check the status.

By default, notifications go to all Global Administrators.

If you want to add additional recipients

Enter the email ID and Save



Azure Self Service

Self Service portal in AzureAD

AzureAD Self service->

Through AzureAD self service, users can manage group membership, application access and password reset themselves. If a user wants to join a group or remove himself from one, he can do it from the Access portal.
Likewise, if a user wants to add or remove an application in the Azure portal, he can do it himself.

Three types of AzureAD self service:

1. Self Service Group membership ->

2. Self Service Application Access->

3. Self Service Password Reset->

1. Configure Self Service Group Membership in Azure portal.

Login to Azure portal

Click on Azure AD -> Click Group

Now click General under Settings

Click Yes or No as per your requirement.

You should have a valid license to enable these features

2. Configure Self Service Application Access in Azure portal.

Login to Azure Portal

Go to AzureAD -> Click Enterprise applications

Now click User Settings

Under Enterprise applications -> Select Yes/No to enable or disable the features.

3. Configure Self Service Password Reset->

To configure Self service Password Reset

Login to Azure Portal

Open AzureAD -> Search for Password reset

Configure the settings that you want.

To enable these self service features you need an enterprise license.

Manage AzureAD with Windows PowerShell # Manage User, Group

Manage Azure AD through Windows PowerShell.

To manage AzureAD with PowerShell, you first need to install the Azure module in PowerShell.
Before installing the Azure module you need to install the latest PowerShell; you can refer to the link below to download and install it.

Latest PowerShell

To install the Azure PowerShell module, run the command below.

Install-Module -Name Azure

Now install the AzureAD module using the command below

Install-Module -Name AzureAD


Once the installation is done,

run the command below to check the installed module details

Get-Module -ListAvailable -Name AzureAD

Run below command to connect with AzureAD


Enter your Azure account details to connect with Azure portal.

To create and manage AD users, groups or roles you need to create one Azure AD user with the Global Administrator role.

Run below command to connect with AzureAD

And login with the newly created AzureAD user who has the Global Administrator assignment.


Use the command below to convert your password into a SecureString (its encrypted in-memory form).

$password = ConvertTo-SecureString -String "P@ssw0rd@123" -AsPlainText -Force

To create UserID in AzureAD use below command.

New-AzADUser -DisplayName "Azure Powershell" -UserPrincipalName "" -Password $password -MailNickname "Azurep"
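A variant of the user-creation step that keeps the password out of the script text and the console history, added here as an example and not taken from the original post. It assumes the Az.Resources module and a Connect-AzAccount session with rights to create users; the user principal name is a placeholder.

```powershell
# Added example. The UPN below is a placeholder, use a verified domain of your tenant.
$upn = 'azurep@example.onmicrosoft.com'

# Prompt for the initial password. Read-Host -AsSecureString never echoes the
# value and returns a SecureString directly, so no plain-text literal ends up
# in the script, in source control or in PSReadLine history.
$password = Read-Host -Prompt "Initial password for $upn" -AsSecureString

# Do not overwrite or collide with an existing account.
if (Get-AzADUser -UserPrincipalName $upn) {
    Write-Warning "$upn already exists, nothing created."
}
else {
    # ForceChangePasswordNextLogin makes the initial password single-use:
    # the user must replace it at first sign-in.
    New-AzADUser -DisplayName 'Azure Powershell' `
        -UserPrincipalName $upn `
        -MailNickname 'Azurep' `
        -Password $password `
        -ForceChangePasswordNextLogin
}

# Drop the SecureString from the session once it is no longer needed.
Remove-Variable -Name password
```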

To list the users created in AzureAD

Run Get-AzureADUser

To filter users whose given name starts with selected letters

Get-AzureAdUser -Filter "startswith(givenname,'ra')"

1. Cloud Identity -> User ID that we create in cloud Azure AD.
2. Directory Sync identities -> User ID that we create on-premises and sync with AzureAD cloud.
3. Guest -> Guest account that is not available on-premises but that we invite to join, like Google or Hotmail accounts.

Use Cases of Windows PowerShell

Use Case 1: Get information about the web server = Get-WebServer
Use Case 2: Get information about processes on the computer = Get-Process
Use Case 3: Get the list of services on the computer = Get-Service

Verb: Get

Noun: WebServer, Process and Service

PowerShell commands work on Verb+Noun

Out: data export

Format: Formatting

Set: Modifications

Get: retrieve

Azure AD Custom Domain

Add Custom domain in Azure AD

Login to the Azure AD Dashboard.

Click Azure Active Directory.

Click Custom domain names -> Click Add Custom domain

Enter the custom domain name that you have purchased from a domain provider, e.g. GoDaddy or any other.

Click Add domain.

Now log in to the domain provider portal (GoDaddy)

From Account select your product ->

Go to DNS -> Manage DNS

Click Add and select create TXT entry.

Enter all the entries and click Save.

Once all is done in the domain provider portal,

go to the Azure Portal and click Verify.

Once you click Verify you will receive an error like the one below.


You need to wait 1-3 days for all DNS records to update in the domain provider portal.

Once verification completes, the status will change from warning to green.

And you will be able to create user with prefix
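A way to check whether the TXT record is already visible before clicking Verify, instead of retrying in the portal, added here as an example and not taken from the original post. It assumes the AzureAD module with an active Connect-AzureAD session and the Windows Resolve-DnsName cmdlet; the domain name and the two public resolver addresses are placeholders.

```powershell
# Added example. Placeholder values, replace with your own domain and resolvers.
$domain    = 'example.com'
$resolvers = '8.8.8.8', '1.1.1.1'

# The TXT value Azure AD expects for this domain (the one shown in the portal).
$expected = (Get-AzureADDomainVerificationDnsRecord -Name $domain |
    Where-Object { $_.RecordType -eq 'Txt' }).Text
if (-not $expected) {
    throw "No TXT verification record returned for $domain. Add the domain in Azure AD first."
}

# Ask each resolver directly so a stale local cache does not hide the new record.
$results = foreach ($server in $resolvers) {
    $txt = Resolve-DnsName -Name $domain -Type TXT -Server $server -DnsOnly `
               -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'TXT' } |
           ForEach-Object { $_.Strings }
    [pscustomobject]@{
        Resolver = $server
        Found    = @($txt) -contains $expected
    }
}
$results | Format-Table -AutoSize

# Only ask Azure AD to verify once every resolver returns the expected value.
if (@($results | Where-Object { -not $_.Found }).Count -eq 0) {
    Confirm-AzureADDomain -Name $domain
}
else {
    Write-Warning 'TXT record not visible on all resolvers yet, try again later.'
}
```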

Azure Dashboard

Azure Dashboard -> An administrator creates an Azure Dashboard to group the resources that he uses frequently.


How to create custom Dashboard in Azure portal

Login to Azure portal.

Click Dashboard

Click New Dashboard

Select Blank Dashboard

Type Dashboard Name

Drag and drop from the Tile Gallery, or select from the Tile Gallery and click Add

Click Save

Now you can use the Dashboard drop-down to select the newly created Dashboard.

And you will see that all the settings are reflected.

If you want to export the Azure Dashboard settings and upload them to a newly created account:

Select the Dashboard and click Edit to add/remove more services in the Dashboard

If you want to save the settings or upload the same settings for another account -> Click Export

Now click Download or Print

Login with the other account in the Azure portal.

Now click My Dashboard

Select Upload -> Browse to the .json file path and upload

The Azure Dashboard customization is now done.
