Manage Azure Identies & Governance

Question 1

What are the 3 ways Azure AD defines users:

Answer 1

1. Cloud identities
2. Directory-synchronized identities
3. Guest users

Question 2

How does synchronization occur for Directory-synchronized identities?

Answer 2

Azure AD Connect

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-whatis

Question 3

What is the source of a Guest user?

Answer 3

Invited user

Question 4

What are the diffirent ways you can add new users?

Answer 4

1. Azure Portal
2. Microsoft 365 Admin Center
3. Microsoft Intune admin console
4. Azure CLI

Question 5

Deleted users can be restored for how many days?

Answer 5

30 days

Question 6

What roles is required to create users in Azure?

Answer 6

• Global administrator
• User administrator

Question 7

What is another option for bulk user uploads besides the csv template?

Answer 7

PowerShell Script

Question 8

What are the two types of group accounts?

Answer 8

1. Security groups
2. Microsoft 365 groups

Question 9

What type of group would you use to for a specific security policy?

Answer 9

Security groups

Question 10

What role is required to create a Security group?

Answer 10

Azure AD administrator

Question 11

What type of security group would you use to give users access to a SharePoint site?

Answer 11

Microsoft 365 groups

Question 12

What are the three different ways you can assign access rights to groups?

Answer 12

1. Assigned
2. Dynamic user
3. Dynamic Device (Security groups only)

Question 13

What methods can you use to manage administrative units?

Answer 13

• Azure portal
• PowerShell cmdlets and scripts
• Microsoft Graph

Question 14

How can you restrict administrative scope?

Answer 14

Administrative Units

https://docs.microsoft.com/en-us/azure/active-directory/roles/administrative-units

Question 15

Define Azure AD

Answer 15

Microsoft’s multi-tenant cloud based directory and identity management service

Question 16

What is an identity?

Answer 16

An object that can get authenticated. A user, applications and servers. Applications might require access through secret keys or certs.

Question 17

What is an account?

Answer 17

An identity that has data associated with it. You cannot have an account without an identity.

Question 18

What is an Azure AD account?

Answer 18

An identity created through Azure AD or another Microsoft cloud service. Sometime called a Work or school account.

Question 19

What is an Azure subscription?

Answer 19

A subscription is used to pay for Azure cloud services. You can have many subscriptions linked to the same credit card.

Question 20

What is an Azure tenant/directory?

Answer 20

A dedicated and trusted instance of Azure AD. A Tenant is automatically created when your organization signs up for a Microsoft cloud service subscription. Tenant means a single instance of Azure AD representing single organization. Tenant and Directory are used interchangeably.

Question 21

What components make up the Windows Active Directory suite?

Answer 21

• Active Directory Certificate Services (AD CS)
• Active Directory Lightweight Directory Services (AD LDS)
• Active Directory Federation Services (AD FS)
• Active Directory Rights Management Service (AD RMS)

Question 22

What are some of the main characteristics of Azure AD that make it different from Active Directory Domain Services?

Answer 22

• Primarily an identity solution designed for internet apps (http/https)
• Cannot be queried through LDAP. Azure AD uses REST API over http or https
• It does not use Kerberos authentication. Uses HTTP and HTTPs protocols
  
  • SAML
  • WS-Federation
  • OpenID Connect (authentication)
  • OAuth (authorization)
• Includes Federation Services like Facebook
• Use a flat structure for user and groups. There are no Organizational Units (OUs) or Group Policy Objects (GPOs)

Question 23

What communication protocols does Azure AD use for authentication?

Answer 23

It only uses HTTP/HTTPs based protocols like SAML, WS-Federation and OpenID Connect

Question 24

Does Azure AD support Organizational Units and Group Policy Objects?

Answer 24

No. Azure AD user and groups are created in a flat structure.

Question 25

Why does’n’t Azure AD support LDAP queries?

Answer 25

Azure AD is based on HTTP/HTTPS and uses REST APIs

Question 26

What are the only three things you manage in Azure AD?

Answer 26

Users, groups and policies

Question 27

What are the four editions of Azure AD?

Answer 27

Free, Microsoft 365 Apps, Premium P1 and Premium P2

Question 28

What agreement or programs are the Premium additions available through?

Answer 28

Microsoft Enterprise Agreement, Open Volume License Program, Cloud Solution Provider program

Question 29

What additional features does Azure AD Premium P1 provide?

Answer 29

Hybird users can access on-prem and cloud resources. Supports dynamic groups, self-service group management, Microsoft Identity Manager, cloud write-back self-service password reset for on-prem users.

Question 30

What additional features does Azure AD Premium P2 provide?

Answer 30

Azure Active Directory Identity Protection to help provide risk-based Conditional Access. Privileged Identity Management to help discover, restrict, monitor admins and their access to resources which provide JIT access.

Question 31

What is Azure AD Join?

Answer 31

Designed to provide access to organizational apps and resources and to simplify Windows deployments of work-owned devices.

Question 32

What are the benefits of Azure AD Join?

Answer 32

• SSO
• Enterprise state roaming of user settings
• Access to Microsoft Store for Business
• Windows Hello
• Restriction of access to apps from only devices the meet company compliance
• Seamless access to on-premise resources

Question 33

How are datacenters made available to end users by?

Answer 33

Region. Over 60+ regions and 140 countries.

Question 34

What global Azure service do not require the end user to select a region?

Answer 34

Azure Active Directory, Azure Traffic Manager and Azure DNS

Question 35

What are regional pairs and their features?

Answer 35

• Each region is paired with another region within the same geography
• At least 300 miles of separation between datacenters
• Platform-provided replication - automatic replication to the paired region (Geo-Redundant)
• Region recovery order - one region is prioritized over the other
• Sequential updates - rollouts of updates
• Data residency - except for Brazil. to meet tax and law enforcement jurisdiction

Question 36

What is an Azure Subscription?

Answer 36

Logical unit of Azure Services linked to an Azure account. Billing is managed per-subscription basis. Every subscription can be associated with AAD.

Question 37

What ways can you get an Azure subscripiton?

Answer 37

• Enterprise agreements - upfront monetary commitment. have a 99.95 monthly SLA
• Reseller - buy through Open Licensing Program
• Partners - find a partner to implement a solution
• Personal free account - free trial

Question 38

What are the different ways to assign access rights

Answer 38

Direct assignment

Group assignment

Rule-based assignment

Question 39

What type of assignment is at the user level?

Answer 39

Direct Assignment

Question 40

What type of assignment is used for a Group?

Answer 40

Group assignment

Question 41

What type of assignment is based on user or device properties to determine if the membership is valid?

Answer 41

Rule-based assignment