The following is the link to the official Microsoft Learning GitHub labs, which will guide you through each task step by step for managing RBAC:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_02a_Manage_ Subscriptions_and_RBAC.html

Lab scenario two
You are the administrator of an organization and have been instructed to improve the management of Azure resources; you need to implement the following:

• Creating a management group that includes all Azure subscriptions
• Granting permissions to submit support requests for all subscriptions in the management group to a specific Azure AD user

This lab scenario consists of three different lab tasks with an estimated time of 30 minutes to complete:

1. Task one: Implement management groups.
2. Task two: Create custom RBAC roles.
3. Task three: Assign RBAC roles.

After you have completed the labs, you can remove the resources created.

Important Note
It is best practice to remove unused resources to ensure that there are no unexpected costs, even though resources created in this lab do not incur additional costs.

Now that we have practically learned how to create a custom RBAC role and assign the role, let’s have a look next at how to configure resource tags.

The following is the link to the official Microsoft Learning GitHub labs, which will guide you through each task step by step for managing subscriptions and governance:

https://microsoftlearning.github.io/AZ-104-MicrosoftAzureAdministrator/Instructions/Labs/LAB_02b-Manage_ Governance_via_Azure_Policy.html

Lab scenario three
You are the administrator of an organization and have been instructed to improve the management of Azure resources; you need to implement the following:

• The tagging of resource groups for infrastructure resources
• Ensuring that only tagged resources can be added to infrastructure resource groups
• Remediating any non-compliant resources

This lab scenario consists of three different lab tasks with an estimated time of 30 minutes to complete:

1. Task one: Create and assign tags via the Azure portal.
2. Task two: Enforce tagging via Azure Policy.
3. Task three: Apply tagging via Azure Policy.

After you have completed the labs, you can remove the resources created.

Note
It is best practice to remove unused resources to ensure that there are no unexpected costs, even though the resources created in this lab do not incur additional costs.

After completing the preceding tasks, you have learned hands-on how to assign and even enforce resource tags within the Azure portal.

Summary
In this chapter, we had a look at scenario-based labs, which tested our skills in the following areas: creating users and groups, implementing management groups, creating and assigning custom RBAC roles, creating and assigning tags to resources, and enforcing tags on resources via Azure Policy.

In the next section, we’ll cover implementing and managing storage in Azure after looking at how to configure network access to storage accounts.