Azure Administrator (AZ-104)
The billing unit of Azure Services that aggregates all the costs of the underlying
resources. - ANS-Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is trusted by AAD, such as
a work or school organization. - ANS-Azure Accounts
Also known as the account owner, this person is responsible for paying the subscription
bill to Microsoft when it is due. Normally, this user has financial responsibilities in your
company such as CFO, Accounts Payable Lead etc. - ANS-Account Administrator
Also known as the Service Owner. This user manages the services that run in Windows
Azure. They will have access to and uses the Window Azure Developer Portal or
Service Management API to orchestrate the applications and data running in Azure.
Normally, the user is a developer, system administrator, or other IT person responsible
for IT services in your company. - ANS-Service Administrator
When an enterprise becomes to large for a single Service Administrator, the Service
Administrator can create this role for other IT administrators to help them out. They will
have complete access to the subscription services. They can even add or delete other
users in the same role. However, they cannot remove the Service Owner nor do they
have access to payment/billing information. - ANS-Co-Administrators
The Microsoft recommended way to manage the permissions of your resources.
However this will not work with Azure's classic deployment model. - ANS-Role-Based
Access Control
Global Administrator - ANS-Users who are assigned this role can read and modify every
administrative setting in your Azure AD organization. By default this role is given to the
user that signed up for the Azure subscription. It is one of the two roles that has an
ability to delegate administrator roles. To reduce the risk to your business, it is
recommended by Microsoft that you assign this role to the fewest possible people in
your organization.
Application Developer - ANS-Users in this role can create application registrations when
the "Users can register applications" setting is set to No. This role also grants
permission to consent on one's own behalf when the "Users can consent to apps
, accessing company data on their behalf" setting is set to No. Users assigned to this role
are added as owners when creating new application registrations or enterprise
applications.
Application Administrator - ANS-This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an application, and use
those credentials to impersonate the application's identity.
Authentication Administrator - ANS-Users with this role can set or reset non-password
credentials and can update passwords for all users. Authentication Administrators can
require users to re-register against existing non-password credential
Azure gives you the ability to see the number of resources you've deployed into your
subscription and what your limits are. This ability makes it easier for you to track current
usage and plan for new deployments in the near future. - ANS-Azure Resource Limits
A good way to keep track of your resources is through tagging them. Each "Tag"
consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your resources that are in
production. Tags applied to the resource group are not inherited by the resources in that
resource group. - ANS-Tagging Resources
A service used to create, assign and manage different policies. These policies enforce
different rules over your resources so they stay compliant with your corporate standards
and service level agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance with your policies. -
ANS-Azure Policy
A policy definition that has been assigned to take place within a specific scope. This
scope could range from a management group to a resource group. The term scope
refers to all the resource groups, subscriptions, or management groups that the policy
definition is assigned to. Policy assignments are inherited by all child resources. This
design means that a policy applied to a resource group is also applied to resources in
that resource group. However, you can exclude a sub-scope from the policy
assignment. - ANS-Policy Assignment
A way to help simplify your policy management by reducing the number of policy
definitions you create. You can define parameters when creating a policy to make it
more generic. Then you can reuse that policy definition for different scenarios. You do
The billing unit of Azure Services that aggregates all the costs of the underlying
resources. - ANS-Azure Subscriptions
An identity in Azure Active Directory (AAD) or a directory that is trusted by AAD, such as
a work or school organization. - ANS-Azure Accounts
Also known as the account owner, this person is responsible for paying the subscription
bill to Microsoft when it is due. Normally, this user has financial responsibilities in your
company such as CFO, Accounts Payable Lead etc. - ANS-Account Administrator
Also known as the Service Owner. This user manages the services that run in Windows
Azure. They will have access to and uses the Window Azure Developer Portal or
Service Management API to orchestrate the applications and data running in Azure.
Normally, the user is a developer, system administrator, or other IT person responsible
for IT services in your company. - ANS-Service Administrator
When an enterprise becomes to large for a single Service Administrator, the Service
Administrator can create this role for other IT administrators to help them out. They will
have complete access to the subscription services. They can even add or delete other
users in the same role. However, they cannot remove the Service Owner nor do they
have access to payment/billing information. - ANS-Co-Administrators
The Microsoft recommended way to manage the permissions of your resources.
However this will not work with Azure's classic deployment model. - ANS-Role-Based
Access Control
Global Administrator - ANS-Users who are assigned this role can read and modify every
administrative setting in your Azure AD organization. By default this role is given to the
user that signed up for the Azure subscription. It is one of the two roles that has an
ability to delegate administrator roles. To reduce the risk to your business, it is
recommended by Microsoft that you assign this role to the fewest possible people in
your organization.
Application Developer - ANS-Users in this role can create application registrations when
the "Users can register applications" setting is set to No. This role also grants
permission to consent on one's own behalf when the "Users can consent to apps
, accessing company data on their behalf" setting is set to No. Users assigned to this role
are added as owners when creating new application registrations or enterprise
applications.
Application Administrator - ANS-This role grants the ability to manage application
credentials. Users assigned this role can add credentials to an application, and use
those credentials to impersonate the application's identity.
Authentication Administrator - ANS-Users with this role can set or reset non-password
credentials and can update passwords for all users. Authentication Administrators can
require users to re-register against existing non-password credential
Azure gives you the ability to see the number of resources you've deployed into your
subscription and what your limits are. This ability makes it easier for you to track current
usage and plan for new deployments in the near future. - ANS-Azure Resource Limits
A good way to keep track of your resources is through tagging them. Each "Tag"
consists of a Name and a Key Value Pair, such as
"Environment" : "Production" where you could tag all your resources that are in
production. Tags applied to the resource group are not inherited by the resources in that
resource group. - ANS-Tagging Resources
A service used to create, assign and manage different policies. These policies enforce
different rules over your resources so they stay compliant with your corporate standards
and service level agreements, The service does this by running evaluations against
your resources and scanning for those that are not in compliance with your policies. -
ANS-Azure Policy
A policy definition that has been assigned to take place within a specific scope. This
scope could range from a management group to a resource group. The term scope
refers to all the resource groups, subscriptions, or management groups that the policy
definition is assigned to. Policy assignments are inherited by all child resources. This
design means that a policy applied to a resource group is also applied to resources in
that resource group. However, you can exclude a sub-scope from the policy
assignment. - ANS-Policy Assignment
A way to help simplify your policy management by reducing the number of policy
definitions you create. You can define parameters when creating a policy to make it
more generic. Then you can reuse that policy definition for different scenarios. You do
