SC-100: Identity Flashcards
(14 cards)
Entra ID Premium P1 and P2 licensing
Microsoft Entra ID Premium P2 exclusive features:
-Microsoft Entra ID Protection (risk based Conditional Access)
-Privileged Identity Management (PIM)
In summary, if you need advanced risk-based access controls and just-in-time privileged access management, move to P2; otherwise P1 covers hybrid identity, dynamic groups, self-service features, and standard Conditional Access.
Conditional Access
Allows organizations to set policies that dynamically adapt access controls based on user risk levels and real-time conditions such as device health and location.
Grants or denies application access to users by requiring multifactor authentication or blocking access when the specified conditions are not met.
What type of accounts should be excluded from Conditional Access policies?
Microsoft recommends excluding:
-Emergency access/break-glass accounts
-Service accounts
What is continuous access evaluation in Microsoft Entra ID?
A mechanism for enforcing Conditional Access policies almost in real-time.
Continuous access evaluation evaluates Conditional Access policies every time a request is made, allowing for swift and accurate responses to changes in the access control environment.
Access Reviews
Access Reviews in Microsoft Entra ID, part of Microsoft Entra, enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments.
Users' access can be reviewed regularly to make sure only the right people have continued access.
Microsoft Entra External ID
For organizations and businesses that want to make their public-facing applications available to customers, Microsoft Entra ID makes it easy to add CIAM features, such as self-service registration, personalized sign-in experiences, and customer account management.
Because CIAM capabilities are built into Microsoft Entra ID, you also benefit from platform features such as enhanced security, compliance, and scalability.
What are External Identities in Microsoft Entra ID?
A set of tools for managing user accounts and access for non-employees or guests that need to access organizational assets.
External Identities enable secure collaboration between external users like customers, business partners, or vendors and internal teams while guarding against unauthorized data access.
Entitlement Management
Entitlement Management grants access through access packages that bundle groups, applications, and SharePoint Online sites. Approvers can be assigned to approve access requests, and it can be used for both internal and external access.
What is cloud infrastructure entitlement management?
A solution focused on securing access to privileged functions in cloud platforms.
Refers to a system for controlling and restricting users from performing sensitive actions, using a role-based access model, and ensuring the principle of least privilege is respected.
What is Privileged Access Management (PAM)?
A control layer for managing access to high-risk services and applications.
PAM is designed to help minimize organizational risk by providing a control layer that ensures access to high-risk services is granted based on specific criteria such as business justification or time-bound provisioning.
Enhanced Security Admin Environment (ESAE)
A framework recommended by Microsoft for implementing privileged access workstations (PAWs) and enhancing the security of administrative accounts in an organization.
Aligns with the Zero Trust model and includes measures such as strong authentication, just-in-time access, and Conditional Access.
What is Azure Lighthouse?
A centralized management platform for third-party managed service providers.
Azure Lighthouse is a unified management platform that enables cross-tenant, multi-service, remote-management scenarios for MSPs and cloud solution providers.
An attacker attempts lateral movement across domain-joined computers. Which services would protect against that?
Defender for Identity