Azure identity, access, and security Flashcards
Microsoft Entra ID
A directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that you have developed
T or F
Microsoft Entra ID is Microsoft's cloud-based identity and access management service
True
Who uses Microsoft Entra ID?
IT administrators
App Developers
Users
Online service subscribers
What does Microsoft Entra ID do?
Authentication
Single sign on
Application management
Device management
Microsoft Entra Connect
Synchronizes user identities between on-premises Active Directory and Microsoft Entra ID
Microsoft Entra Domain Services
A service that provides managed domain services such as:
domain join
group policy
lightweight directory access protocol (LDAP)
Kerberos/NTLM authentication
T or F
With Microsoft Entra Domain Services, you get the benefit of domain services without the need to deploy, manage, and patch domain controllers (DCs) in the cloud
True
How does Microsoft Entra Domain work?
When you create a Microsoft Entra Domain Services managed domain, you define a unique namespace. The namespace is the domain name.
Two Windows Server domain controllers (DCs) are then deployed to your selected Azure region. This pair of DCs is a replica set.
T or F
A managed domain is configured to perform a one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services
True
Process of authentication
The process of establishing the identity of a person, service, or device
Single Sign On (SSO)
One credential to access multiple resources
Only one ID and one password
Multifactor authentication
Prompting a user for an extra form or factor for identification during sign-on
password + code sent to phone
password + challenge question
Microsoft Entra multifactor authentication
Allows users to choose an additional form of authentication for sign-on
Passwordless authentication
Once something (such as a computer) is registered to you, it is associated with you, and you can use a fingerprint or PIN instead of a password
Microsoft global Azure and Azure Government offer 3 passwordless authentication options
Windows Hello for Business
Microsoft Authenticator App
FIDO2 security keys (Fast Identity Online)
What is an external identity?
A person, device, service, etc. that is outside of your organization
T or F
With External Identities, external users can “bring their own identities”
True
They can use their own credentials to sign in
The following capabilities make up External Identities:
Business to business (B2B) - typically guest users
B2B direct connect - two-way trust; visible and can be monitored
Business to customer (B2C) - publish apps to consumers and customers while using Azure AD B2C for identity and access management
Conditional Access
A tool that Microsoft Entra ID uses to allow or deny access to resources based on identity signals
the signals include who the user is
where the user is,
and what device they are using
What does Conditional Access collect in order to make decisions?
Signals
When is Conditional Access useful?
MFA
Require access to services through approved client applications
Require access from managed devices
Block access from untrusted sources
Role-based access control
Only grant access up to the level needed to complete a task
T or F
Azure provides built-in roles that describe common access rules for cloud resources through Azure RBAC (Azure role-based access control)
True
How is Azure RBAC enforced?
It's enforced on any action that's initiated against an Azure resource that passes through Azure Resource Manager