Latest:

Understanding Azure

Leveraging the Power of the Cloud

Deployments Uncategorized 

How to Provide Access to Azure Resources with Azure AD

Thomas Mitchell

The intent of this tutorial is to demonstrate how to configure Azure Active Directory to allow domain joins for Azure VMs and to demonstrate the process of joining an Azure VM to Azure AD.  I also intend to explain how to synchronize on-prem AD to Azure Active Directory, which will allow on-prem users to access the Azure AD-joined VM by using their existing credentials - without the need for a VPN connection.

To demonstrate this functionality, I am going to add a custom domain to Azure Active Directory.  I will then deploy and configure Azure AD Connect so I can synchronize on-prem AD users to Azure Active Directory.  After I’ve gotten synchronization setup, I will activate Azure AD Domain Services in Azure Active Directory so it will allow domain joins from Azure virtual machines.

Once I have my Azure Active Directory prepared and configured to accept domain joins, I will deploy a virtual network in Azure to house virtual machine.  I will deploy a network Security group and a couple Network Security Rules to lock down access to cloud environment to just my local network.  With the virtual network deployed, configured, and secured, I will deploy a virtual machine in Azure, join it to the Azure Active Directory domain, and provide access to users who have been synced from the on-prem Active Directory.

Lastly, I will test access.

This tutorial assumes the reader has a basic familiarity with Azure navigation and has also already provisioned an Azure subscription with a default directory.  It also assumes familiarity with provisioning an on-prem Active Directory forest.  Rather than be a “step-by-step” tutorial, this is meant to be more of a “guided tour”.

Prepare an “On-Prem” Active Directory

Since this tutorial is going to, in part, explain how to sync an on-prem AD to Azure AD, it’s best if you have an on-prem Active Directory to work with (lab preferably).  If you want to follow along but do not have a lab environment at your disposal, login to your Azure Resource Manager portal and deploy a virtual network called OnPrem in Azure with an address space of 192.167.0.0/16 and a default subnet called On-Prem-Default.  Assign an address range of 192.167.1.0/24 to the subnet.

Click here to join the Understanding Azure Facebook group or here for the latest Azure practice questions, answers, explanations, and reference materials.

Thomas Mitchell

Tom is a 20+ year veteran of the IT industry and carries numerous Microsoft certifications, including the MCSE: Cloud Platform and Infrastructure certification. A Subject Matter Expert in Active Directory and Microsoft Exchange, Tom also possesses expert-level knowledge in several other IT disciplines, including Azure, Storage, and O365/Exchange Online. You can find Tom at his website, on LinkedIn, or on Facebook. Need to reach him by phone? Call 484-334-2790.

You May Also Like

How to Deploy a Content Delivery Network (CDN) on Azure

Thomas Mitchell Comments Off on How to Deploy a Content Delivery Network (CDN) on Azure

How to Connect Azure Virtual Networks via VPN

Thomas Mitchell Comments Off on How to Connect Azure Virtual Networks via VPN

The AZ-900 Microsoft Azure Fundamentals Exam is Coming

Thomas Mitchell Comments Off on The AZ-900 Microsoft Azure Fundamentals Exam is Coming