Identity : Azure AD

Question 1

Azure AD: Identity

Answer 1

An object that can get authenticated

Question 2

Azure AD: Account

Answer 2

An identity that has data associated with it. You can’t have an account without an identity.

Question 3

Azure AD: Azure AD Account.

Answer 3

An identity created through Azure AD or another Microsoft cloud service, such as Microsoft 365.

Identities are stored in Azure AD and accessible to your organization’s cloud service subscriptions.

This account is also sometimes called a Work or school account.

Question 4

Azure AD: Azure subscription.

Answer 4

Azure subscription. Used to pay for Azure cloud services. You can have many subscriptions and they’re linked to a credit card.

Question 5

Azure AD: Azure tenant/directory.

Answer 5

A dedicated and trusted instance of Azure AD, a Tenant is automatically created when your organization signs up for a Microsoft cloud service subscription.

Question 6

Azure Directory Domain Services

Answer 6

Is the traditional deployment of Windows Server-based Active directory on a physical or virtual server.

Question 7

Azure Active Directory (Azure AD) vs Azure Directory Domain Services (AD DS)

Answer 7

Azure AD is a managed service.

You only manage the users, groups, and policies.

Deploying AD DS with virtual machines using Azure means that you manage the deployment, configuration, virtual machines, patching, and other backend tasks.

Question 8

Azure AD Free Pricing Tier

Answer 8

Provides user and group management (500k directory objects)

SSO

Basic reports

Question 9

Azure AD: Azure Microsoft 365 Apps Service Pricing Tier

Answer 9

Free + identity & access management of Microsoft 365 apps

Question 10

Azure Active Directory Premium P1 (pricing tier)

Answer 10

lets your hybrid users access both on-premises and cloud resources.
It also supports advanced administration,
dynamic groups,
self-service group management
Microsoft Identity Manager (an on-premises identity and access management suite)
cloud write-back capabilities, which allow self-service password reset for your on-premises users.

Question 11

Azure Active Directory Premium P2. (Pricing tier)

Answer 11

In addition to the Free and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data. Privileged Identity Management is included to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.

Question 12

Azure AD Join

Answer 12

designed to provide access to organizational apps and resources and to simplify Windows deployments of work-owned devices.

Question 13

Joining a device

Answer 13

is an extension to registering a device.

Joining provides the benefits of registering and changes the local state of a device.

Changing the local state enables your users to sign-in to a device using an organizational work or school account instead of a personal account.

Question 14

Self-service Password Reset (SSPR)

Answer 14

gives the users the ability to bypass the helpdesk and reset their own passwords.

Question 15

Self-Service Password Reset (SSPR) Authentication methods

Answer 15

pick the number of authentication methods required to reset a password and the number of authentication methods available to users.

At least one authentication method is required to reset a password.

You can choose from email notification, a text, or code sent to user’s mobile or office phone, or a set of security questions.

Question 16

Azure AD Users: Cloud Identities

Answer 16

These users exist only in Azure AD

Examples are administrator accounts and users that you manage yourself

Question 17

Azure AD Users: Directory-synchronized identities.

Answer 17

These users exist in an on-premises Active Directory.

A synchronization activity that occurs via Azure AD Connect brings these users in to Azure.

Their source is Windows Server AD (WS AD).

Question 18

Azure AD Users: Guest Users

Answer 18

These users exist outside Azure. (e.g, other cloud provider, Xbox LIVE account).

Their source is Invited user.

This type of account is useful when external vendors or contractors need access to your Azure resources.

Question 19

Azure AD Bulk User Accounts

Answer 19

Using The Bulk Create option in the portal.

Fill out the CSV template.

Things to Note:
Establish naming conventions. (e.g., Smith.John@contoso.com)
Conventions for initial passwords.

Question 20

Azure AD Group Accounts: Security Group

Answer 20

Used to manage member and computer access to shared resources for a group of users.

Question 21

Azure AD Group Accounts: Microsoft 365 groups.

Answer 21

Provide members access to shared mailbox, Calender, files, SharePoint etc.

People outside of the org can have access to this group.

Question 22

Azure AD: Adding Members to Groups: Assigned (Membership Type)

Answer 22

Lets you add specific users to be members of this group and to have unique permissions

Question 23

Azure AD: Adding Members to Groups: Dynamic User (Membership Type)

Answer 23

Lets you use dynamic membership rules to automate the adding and removing of members.

Question 24

Azure AD: Adding Members to Groups: Dynamic Device (Membership Type)

Answer 24

Lets you use dynamic group rules to automatically add and remove devices.

Question 25

Azure AD: Administrative Units

Answer 25

Are used to restrict administrative scope/

Administrative unit (e.g., School of Business) only admins for the those in that administrative unit ( e.g., staff and students of the Business School)

Question 26

Azure AD add user (CLI, PowerShell)

Answer 26

# create a new user
az ad user create

# create a new user
New-AzureADUser

Question 27

Azure AD SSPR steps.

Answer 27

1. Localization: check browsers locale - render SSPT page in appropriate language
2. Verification: User enters their username and pass a captcha
3. Authentication: enters the required data to authenticate their identity
4. Password Reset: user can enter new password
5. Notification: message to confirm the reset

Question 28

SSPR : Authentication methods

Answer 28

Mobile app authentication - authenticator app
mobile app code - authenticator app
email - provide an external email address
mobile phone - provide a mobile number
office phone - provide an office phone num
security questions - answer security questions

Question 29

How many authentication methods are required for SSPR?

Answer 29

This is specified by the administrator.

recommendations is 2 or more.
Authenticator as primary method, email or office phone as next best.

Question 30

Three settings for the Self-service password reset enabled property:

Answer 30

Disabled: No users in the Azure AD organization can use SSPR. This value is the default.

Enabled: All users in the Azure AD organization can use SSPR.

Selected: Only the members of the specified security group can use SSPR.

Question 31

Azure AD Registered Devices: Definition

Answer 31

Registered to Azure AD without requiring organizational account to sign in to the device

Question 32

Azure AD Registered Devices: Primary Audience

Answer 32

To enable users to use their own device (BYOD) and mobile devices

Question 33

Azure AD Registered Devices: Supported OS’s

Answer 33

Windows 10 or newer, iOS, Android, and macOS

Question 34

Azure AD Joined Devices: Definition

Answer 34

Joined only to Azure AD requiring organizational account to sign in to the device

Question 35

Azure AD Joined Devices: Primary Audience

Answer 35

Suitable for both cloud-only and hybrid organizations

Question 36

Azure Active Directory (Azure AD) B2B collaboration

Answer 36

… is a feature within External Identities that lets you invite guest users to collaborate with your organization.

With B2B collaboration, you can securely share your company’s applications and services with guest users from any other organization, while maintaining control over your own corporate data.

Question 37

With Azure AD B2B, Guest users sign in to your apps and services ______________

Answer 37

with their own work, school, or social identities.

do not require an Azure AD account

don’t need to manage external accounts or passwords

don’t need to sync accounts or manage account lifecycles

Question 38

Inviting guest accounts (B2B)

Answer 38

A simple invitation (email or self-service sign up) and redemption process lets partners use their own credentials to access your company’s resources.