Topic Decomposition - brian-anderson01/Capstone GitHub Wiki

Azure Active Directory

  • Create a domain through Azure AD, set up with users, and join computers to the domain.

Initial setup

  • Create the domain and do any other initial setup to get the domain up and ready to configure.
  • Add users
    • Create an Admin user for administrating AD and GP. Add some normal users.
  • Create Groups
    • Create security groups with users in the domain for access control and policy enforcement.

Research

  • Research using and implementing Azure AD. Become familiar with basic and necessary functions.

Join computers to domain

  • Log in with an Azure AD account on a PC to join the domain. Test connectivity and GP if implemented.

File Sharing

  • Implement file sharing and mapped drives in the organization with a cloud service, either OneDrive or SharePoint.

Research OneDrive/SharePoint

  • Research implementation of OneDrive or SharePoint into Azure AD and Group Policy.

Decide on one or the other

  • Based on research, decide which service to use as the main file sharing service for the organization.

Intune

  • Potentially take out Group Policy altogether and use Intune instead. Research must be done beforehand to evaluate if this is feasible.

Replacement for GP?

  • After just scratching the surface while researching Intune, it appears that this could potentially be a complete replacement for Group Policy in my Azure AD environment. Intune does a lot of access control and user/computer configuration already. Intune is also more reliable than GP for actually working with computers that aren't on a traditional domain.

Creating mapped drives

  • Research if and how mapped drives can be made using Intune.

Access control using Intune

  • Look into access control and how to implement it on a Windows system using Intune and Azure AD users.

Group Policy

  • Implement Group Policy into the Azure Active Directory domain.

Implementation into Azure AD

  • Research how to implement group policy into an Azure domain and what resources are needed.

Mapped drives pointing to OneDrive or SharePoint

  • Create GPOs to map drives to users' computers. Research how to map OneDrive or SharePoint directories with GP.

Manage access to files and mapped drives

  • Manage access to folders and drives for certain users on the domain.

Virtualized Windows Server Core?

  • Need to determine if a server is necessary through research.

  • Join to Azure Domain

    • Join the server to the Azure domain so it can push GP to users and computers.
  • Install Group Policy Management
    • Install Group Policy Role on the server so that it can be managed.

Secure Virtual Workstations

Research Azure VM deployment

  • Research creating VMs in Azure. Research access control to the VMs and the virtual LAN.

Virtual Azure LAN

  • Create a virtual LAN in Azure that the workstations and webserver will be on.

  • Manage access to the LAN

    • Manage access to the virtual LAN with firewall rules or other methods.

Create Virtual Machines

  • Create one or two Windows virtual machines for use as secure workstations.
  • Initial Configuration
    • Spin up VMs, configure Windows, configure networking in Azure.
  • Add to Virtual LAN
    • Add the workstations to the virtual LAN so they can access the webserver.

Manage Access To VMs

  • Manage who can access the VMs using Azure.

Virtual Web Server

  • Create a webserver in Azure for access control testing/proof of concept.
  • Add to Virtual LAN
    • Add the webserver to the virtual LAN so it's accessible from other VMs.
  • Manage Access to Web Server
    • Manage access so that it is allowed only for certain users and only from the Azure virtual LAN.