
Enterprise Scale Architecture

This document provides an overview of an enterprise identity and access management solution across Azure subscriptions and on-premises resources. It describes:

1. The use of Azure Active Directory, Privileged Identity Management, and access reviews for identity management across subscriptions and on-premises.
2. The organization of subscriptions into management groups and the assignment of roles, policies, and templates for access control and deployment.
3. The configuration of landing zones and sandbox subscriptions for secure access and development/testing workloads.

Uploaded by

Hieu Pham

[Diagram: Enterprise Scale Architecture. Labeled panels:]

• A: Enterprise enrollment (Enrollment, Department, Account, Subscription)
• B: Identity and access management (Azure Active Directory, On-premises, Privileged Identity Management)
• C: Management group and subscription organization (Tenant root group, Contoso, Platform, Landing zones, Decommissioned, Sandbox)
• D: Management subscription
• E: Connectivity subscription
• F: Landing zone subscription
• G: Compliant VM templates
• H: Sandbox subscription
• I: Platform DevOps team