Manage Azure identities and governance

Question 1

When moving an App Service resource to another resource group what are the following things the resource group must not include?

Answer 1

Web Apps
App Service Plans
TLS/SSL Certificates
App Service Enviroments

Question 2

What are the two roles in Microsoft 365?

Answer 2

Owner
Member

Question 3

What is an administrative unit?

Answer 3

This allows you to restrict users access based on their role

Question 4

What is Global Administrator role?

Answer 4

This role has access to all AAD and the services aligned with it
Give admin access
Reset password for every admin

Question 4

What is Billing Administrator role?

Answer 4

Purchase things
In charge of subscription
Maintains service health
Controls support tickets

Question 4

What is User Administrator role?

Answer 4

Users and groups can be created and managed
Control support tickets

Question 5

What is Azure AD Registerd?

Answer 5

This connects your BOYD devices to AAD

Question 6

What is Azure AD Joined

Answer 6

This connects your org device to AAD then is syncs to AD on-prem

Question 7

What is Hybird AD Joined

Answer 7

This syncs your A on-prem devices to AAD

Question 8

What is an Azure resource lock?

Answer 8

This is used to lock azure subscription, resource group, or resource to protect them from accidental user deletions and modifications.

Question 9

What are the two types of Azure locks

Answer 9

Read-only
Delete

Question 10

What is delete lock type?

Answer 10

This means authorised users can read and modify a resource, but cannot delete it

Question 11

What dose read-only lock type mean?

Answer 11

This means authorized users can read a resource, but they can’t delete or update it

Question 12

When moving a web app to another resource group what resources mustn’t the new resource group have?

Answer 12

Web Apps
App Service plans
Uploaded or imported TLS/SSL certificates
App Service Environments

Question 13

What is Management Groups?

Answer 13

Management groups are used to organise subscriptions to allow policy and price management easier to delegate

Question 14

What is Subscriptions?

Answer 14

Subscriptions are used to host resources and groups and are used for management of the polices and pricing.

Question 15

What is Resource Groups

Answer 15

This is a container that hold Azure resources.

Question 16

What is Azure Resources

Answer 16

This is manageable item in Azure like VMs, Azure Web App, SQL Database.

Question 17

What is Azure Resource Manager?

Answer 17

Azure resource manager is used for creating an deploying of Azure resources.

Question 18

What four things can be used to deploy an Azure Resource?

Answer 18

Azure Portal
Azure PowerShell
Azure CLI
REST API Clients

Question 19

What type of resources can be deployed via Azure Resource Manager?

Answer 19

VMs
Azure Web App
SQL Database

Question 20

What is a Resource Provider?

Answer 20

This is a service that provides the resource. For example, VMs are provided by Microsoft.Compute.

Question 21

What is Azure Resource Manager Template?

Answer 21

This is a JSON file (JavaScript Object Notation) that is used to define one or more resources deployed to a resource group or subscription.

Question 22

What dose SSPR stand for?

Answer 22

Self-Service Password Reset

Question 23

What is Self-Service Password Reset?

Answer 23

SSPR can be abled for all or limited number of users. You can setup authentication methods like security questions, email, SMS, etc. Users have to setup SSPR manually before it will become an option for them to use.

Question 24

What dose RBAC stand for?

Answer 24

Role-based Access Control

Question 25

What is RBAC used for?

Answer 25

RBAC can restrict what access users can have to Azure Resources. It allows the admin to restrict access per subscription, resource groups or resources and provide either RO or RW access.

Question 26

Why do we use RBAC?

Answer 26

This allows businesses to stay compliant with local and global laws with data restrictions and confidentiality. You can either user built-in Azure RBAC roles or create custom roles using JSON files.

Question 27

What are the two types of AD Tenants?

Answer 27

B2C (business-to-customer)
B2B (business-to-business)

Question 28

What is B2C?

Answer 28

B2C (business-to-customer) is an identity solution for customer facing applications, it has it own independent tenant not connected to AAD and can used local, enterprise or social accounts connections

Question 29

What is B2B?

Answer 29

B2B (business-to-business) allows guest access into your Azure environment for collaboration on Azure resources. This works by using external identities like enterprise or social accounts as authentication into the Azure environment.

Question 30

What are features of Azure AD DS

Answer 30

Full identify solution
REST API Queries
Communication Protocols
Federation Services
Flat Structure
Managed Service

Question 31

What is Azure Policies?

Answer 31

Azure polices service is used to create, assign and manage polices. The polices are used to enforce rules to resources and can show non-compliance status if not following the rules.

Question 32

What are Resource Tags used for?

Answer 32

Resource tags can be used to organize resources in Azure, with each tag having a name and a value. Once applied the resource tag you can find the resource using the tags name and value, this helps when trying to find resource across various resource groups.

Question 33

What can the role Account Administrator do?

Answer 33

This account is the billing owner of the subscriptions

• Can access theAzure portaland manage billing
• Manage billing for all subscriptions in the account
• Create new subscriptions
• Cancel subscriptions
• Change the billing for a subscription
• Change the Service Administrator
• Can’t cancel subscriptions unless they have the Service Administrator or subscription Owner role

Question 34

What can the role Service Administrator do?

Answer 34

The Service Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope. The Service Administrator has full access to the Azure portal.

• Manage services in the Azure portal
• Cancel the subscription
• Assign users to the Co-Administrator role

Question 35

What can the role Co-Administrator do?

Answer 35

The Co-Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope.

• Same access privileges as the Service Administrator, but can’t change the association of subscriptions to Microsoft Entra directories
• Assign users to the Co-Administrator role, but can’t change the Service Administrator

Question 36

What tools can you use to create administrative units?

Answer 36

Azure Portal
MS Graph/Powershell
MS 365 Admin Center

Question 37

What steps should you take to connect a 3rd party domain to AAD?

Answer 37

Add a custom domain
Add a record to the public whizlabs.com DNS zone
Verify the domain

Question 38

What are thing to note before moving resources in Azure?

Answer 38

Both the source and target group are locked during the move
You can’t add, update or delete resources in the resource group (during the move)
Underlying resources will still work during the move

Question 39

Who can have local admin an an Azure Joined machine?

Answer 39

Global Administrator
Device Local Administrator Role
User joining the device

Question 40

When moving resources from one resource group to another. What do you need to keep in mind regarding locks?

Answer 40

If the resource being moved has a lock enabled, it doesn’t matter since the resource group lock is the only thing that matters when moving resources.

Question 41

When creating a new tenant in Azure, who has access to the tenant?

Answer 41

Only the owner/creator of the tenant

Question 42

If a users in a global admin in tenant A, then another user creates tenant B. What access will they have on tenant B?

Answer 42

No access. The users who created the tenant will need to give them access.