Entra ID Flashcards
(27 cards)
What is Microsoft Entra ID and its primary purpose?
Microsoft Entra ID is a centralized identity and access management tool that controls access to on-premises, cloud, and personal devices. It allows IT administrators, developers, and subscribers to manage identities and access across multiple environments.
What was Microsoft Entra formerly known as?
It was formerly known as Azure Active Directory (AAD).
Who are the primary users of Microsoft Entra ID?
The primary users of Microsoft Entra ID are IT administrators, developers, and subscribers.
What is the Identity Secure Score in Entra ID?
The Identity Secure Score is a tool that measures an organization’s identity and access management setup against Microsoft’s best practices, helping organizations improve their security posture.
What is the difference between a Tenant and a Directory in Entra ID?
A tenant is an instance of Entra ID, while a directory is a container within the tenant that holds key resources and objects. Each tenant has one directory.
What are the 3 types of identities in Entra ID?
User Identities (employees, partners, etc.)
Workload Identities (applications, VMs, etc.)
Device Identities (mobile devices, desktops, etc.)
How do Internal and External User Identities differ?
Internal User Identities are for employees and internal members of the organization.
External User Identities are for B2B collaborators, like guests or external members. External users often have more restrictive permissions.
What is the difference between System-Assigned and User-Assigned Managed Identities?
System-Assigned Managed Identities are tied to a specific Azure resource (like a VM) and are deleted when the resource is shut down.
User-Assigned Managed Identities are independent of any Azure resource and can be shared across multiple resources. They persist even after resources are deleted.
What is the purpose of creating groups in Entra ID, and what are the 2 main types of groups?
Groups are used to bundle user identities to grant them the same access rights and permissions. The two main types of groups are:
Microsoft 365 Groups: Used for collaboration, can be created by anyone, and are for user identities only.
Security Groups: Created by an Entra ID admin and used to enforce security policies.
What is a Hybrid Identity, and why is it important?
A Hybrid Identity provides a single identity for users across both on-premises and cloud services. It is important because most organizations use a mix of on-prem and cloud environments, and Hybrid Identity enables seamless access between the two.
What is the difference between Workforce Tenant and External Tenant in Entra ID?
A Workforce Tenant is an internal tenant used for the organization’s internal workforce, but it can also allow external users for B2B collaboration.
An External Tenant is a client-facing tenant used to deploy apps and services to external users or customers.
What is an External Identity in Entra ID?
An External Identity is an identity that allows users from outside the organization to register and collaborate within an Entra ID tenant. This is often used for B2B collaboration.
What is a Conditional Access Policy (CAP) in Microsoft Entra ID?
A Conditional Access Policy (CAP) is a security feature that adds an extra layer of protection, controlling who can access an organization’s data, services, and environment. CAPs work like “if-else” statements, using identity signals like user, device, and location to determine access.
What are the two main components of a Conditional Access Policy?
Assignment: Defines “Who, What, When, and Where” the policy is applied, using logical AND to combine multiple conditions.
Access Control: Defines the access action, which can be:
- Block Access
- Grant Access (with or without additional requirements like MFA)
- Session Control (e.g., blocking certain actions or access to sensitive content)
How does Microsoft Entra ID’s Conditional Access policy function like an “if-else” statement?
Conditional Access Policies evaluate a set of if conditions (like user, location, device, etc.). If the conditions are met, then an access control action is applied (block, grant, or session control).
What is Microsoft Global Secure Access?
Microsoft Global Secure Access is a Zero Trust security approach that provides secure access for network traffic. It includes two main services:
Entra Internet Access: For secure access to SaaS and external applications.
Entra Private Access: For secure access to internal, on-premises resources, replacing traditional VPNs.
What is the purpose of the Security Service Edge (SSE) in Microsoft Entra?
Security Service Edge (SSE) integrates Entra Internet Access and Entra Private Access to provide a unified security solution for network access, enabling secure access to both external and internal resources.
How does Microsoft Entra Internet Access secure access to SaaS solutions?
It acts as a Secure Web Gateway (SWG), ensuring that all traffic between users and external SaaS applications is secured and monitored.
Why does Microsoft Entra Private Access eliminate the need for VPNs?
Entra Private Access removes the need for VPNs by using enterprise application containers. These containers act as brokers for access to protected resources, allowing access to be managed through Conditional Access Policies.
What are the two main access features of Microsoft Entra Private Access?
Quick Access: Provides fast, seamless access for users.
Global Access: Allows for granular access control by assigning different Conditional Access Policies (CAPs) for specific users or groups.
What information is available in the Global Secure Access Dashboard?
The Global Secure Access Dashboard displays network traffic data from Entra Internet Access and Entra Private Access, offering insights into user activity, network usage, and access patterns.
What is Role-Based Access Control (RBAC) in Microsoft Entra ID?
RBAC is a system for managing access to resources based on user roles. It assigns permissions based on a user’s role within the organization, ensuring least privilege access.
What are the three built-in roles in Microsoft Entra ID?
Global Administrator
Billing Administrator
User Administrator
Can custom roles be created in Microsoft Entra ID?
Yes, organizations can create custom roles in Microsoft Entra ID to define specific permissions beyond the default roles.