Implement and manage identity and access Flashcards Preview


Flashcards in Implement and manage identity and access Deck (45)
1

Risk events are separated into what 3 types? How do you access these reports?

Risky Users, Risky Sign Ins, Risky Detections. To access them, go to Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Reports

2

How do you configure Identity Protection Alerts?

Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Users at Risk Detected/Alerts

3

How do you access and implement the sign-in risk policy?

Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Sign-In Risk Policy

4

How do you implement the sign-in risk policy?

Set up Assignments (Users, Conditions)
Set up Controls - Access, Allow, Block, Require password reset
Microsoft recommends setting the threshold to "Medium"

5

How do you access the User Risk Policy?

Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> User Risk Policy

6

How do you implement the User Risk Policy?

Set up Assignments (Users, Conditions)
Set up Controls
Microsoft recommends setting the threshold to "High"

7

What behaviors are identified by sign-in risk policy?

This policy helps identify and respond to risky or unusual account sign-in behavior that might indicate the account has been compromised.

8

What types of behaviors will the sign-in risk policy detect?

Anonymous IP Address
Atypical travel
Malware-linked IP address
Unfamiliar sign-in properties
Admin-confirmed user compromised
Malicious IP address
Suspicious Inbox Manipulation
Impossible travel

9

What behaviors are identified by User Risk Policy?

This policy helps identify and respond to user account behavior or activities that seem suspicious and indicate the account might have been compromised.

10

What types of behaviors are detected by the User risk policy?

Leaked Credentials
Azure AD Threat Intelligence

11

What are the 2 types of available Identity Protection policies?

User Risk Policy
Sign-in Risk Policy

12

What is Azure AD Identity Protection? What license is required?

Azure AD Identity Protection is an Azure AD Premium P2 feature that includes user risk and sign-in risk policies and alerts that help you stay on top of mitigating the potential of data loss.

13

How do you configure PIM roles?

Go to Azure Portal -> search for Azure AD Privileged Identity Management -> then Azure AD Roles settings

14

What is PIM?

Privileged Identity Management (PIM) enables your organization to protect important resources across Azure, Azure AD, Intune, and Office 365 apps & services by managing and auditing access to them.

15

How are Role assignments created?

portal.azure.com
-> click Subscriptions
-> then Access Control (IAM)

16

What is RBAC?

Azure Role-Based Access Control (RBAC) allows fine-grained access management of Azure resources. It lets you divide responsibility by role for, and access to, the management of various machines, networks, resource groups, and so on.

17

What 3 components does RBAC consist of?

Security Principal - object requesting access (user, group, service, etc.)
Role Definition - a set of permissions that defines the actions that can be performed
Scope - the resources to which access will be granted

18

In RBAC what is the scope resource hierarchy?

Management Group
-> Subscription
->-> Resource Group
->->-> Resource

19

What is the default option when you create a Conditional Access Policy?

The default option is Report Only.
This is good for testing the effect the policy will have on users.

20

Where do you create Conditional Access Policies?

Microsoft Endpoint Manager Admin Center
endpoint.microsoft.com
-> select Endpoint Security
-> Conditional Access
-> New Policy

21

Aside from Compliance Policies, you can configure general compliance settings, where?

Microsoft Endpoint Manager Admin Center
-> choose Device
-> Compliance Policies
-> Compliance Policy Settings

22

Where do you go to configure and manage device compliance for endpoint security?

Microsoft Endpoint Manager
endpoint.microsoft.com
-> select devices
-> Compliance Policies
-> Create Policy

23

How are Conditional Access Policies related to Compliance Policies?

Compliance policies are configured separately but they can be used within Conditional Access Policies.

24

What license is required for SSPR with Password write back?

Azure AD Premium P1 licenses

25

What license is required for Conditional Access Policies?

Azure AD Premium license & Intune (Intune or Enterprise Mobility + Security license)

26

To enable passwordless authentication you must sign in to the Azure Portal at?

portal.azure.com
-> then select Azure Active Directory
-> Security
-> Authentication Methods
-> Authentication Methods Policy (Preview)
Then select either FIDO2 Security Key, Microsoft Authenticator Passwordless Sign In or Text Message

27

In order to implement Windows Hello for SSO the devices must be first?

Devices must first be joined to Azure AD and Intune-enrolled.
Windows Hello incorporates biometrics and device-specific PINs, and is exclusive to Windows 10 devices.

28

MFA and other Sign-ons are reported in what report?

Azure AD's Sign-Ins report
portal.azure.com
-> select Azure
-> Active Directory
-> User
-> Sign-Ins

29

Azure AD Security Defaults include

All users must register for Azure MFA
Admins must use MFA
Legacy authentication protocols are blocked
Users are required to perform MFA when necessary
Privileges such as access to Azure Portal have been restricted

30

What is involved in Azure AD Identity governance?

It involves regularly analyzing and confirming or cleaning up group membership.