Introduction

Whether you use Microsoft Entra ID or Active Directory Federation Services (AD FS) is determined by the mode in which you deploy Azure Stack Hub. When you deploy in connected mode, you can use either one. When you deploy in disconnected mode (without a connection to the internet), only AD FS is allowed.

In this module, you will learn how to configure Azure Stack Hub to support users from multiple Microsoft Entra tenants, allowing them to use services in Azure Stack Hub.

This module aligns with the exam AZ-600: Configuring and Operating a Hybrid Cloud with Microsoft Azure Stack Hub.

Learning objectives

After completing this module, you'll be able to:

  • Describe Hybrid Identity for Azure Stack Hub.
  • Identify an appropriate method for access (service principal, users, groups) for Azure Stack Hub.
  • Explain authentication and authorization for Azure Stack Hub.
  • Provision a service principal for Azure Stack Hub.
  • Create a service principal that uses a certificate credential for Azure Stack Hub.
  • Create a service principal that uses client secret credentials for Azure Stack Hub.
  • Recommend a permission model for Azure Stack Hub.
  • Set access permissions using role-based access control for Azure Stack Hub.
  • Add a new Azure Stack Hub user account in Microsoft Entra ID for Azure Stack Hub.
  • Create an Azure custom role using Azure PowerShell for Azure Stack Hub.

Skills measured

  • Manage access.

Prerequisites

  • Working experience creating, assigning, and securing corporate identities.
  • Conceptual knowledge of identity assignment solutions, role-based access control, and identity protection methods.