01-Identity

Question 1

What is Azure Active Directory

Answer 1

Cloud-based suite of IDENTITY MANAGEMENT capabilities.

Allows you to securely manage access to Azure services and resources for your users.

Provides application management, authentication, device management, and hybrid identity.

Question 2

How to authenticate to Azure Active Directory?

Answer 2

AUTH
SAML
Oauth
Open ID
WS-Federation

Question 3

What is the common authentication set among Windows Server Active Directory and Azure Active Directory?

Answer 3

Users & Groups Authentication and Authorization

Question 4

How to authenticate to Windows Server Active Directory?

Answer 4

AUTH
Kerberos
NTML

Question 5

What is Identity

Answer 5

An object that can be authenticated

Question 6

What is Account

Answer 6

An identity that has data associated with it

Question 7

What is Azure AD account

Answer 7

An identity created through Azure AD or another Microsoft cloud service

Question 8

What is Azure subscription

Answer 8

It is used to pay for Azure cloud services

Question 9

What is Azure AD tenant/directory

Answer 9

A dedicated and trusted instance of Azure AD, a Tenant is automatically created when your organization signs up for a Microsoft cloud service subscription

Question 10

What is Tenant

Answer 10

It is a single instance of Azure AD representing a single organization.

The terms Tenants and Directory are often interchanged

Question 11

What is the underlying product that provides identity service

Answer 11

Azure AD is the underlying product that provides identity service

Question 12

What is Azure AD primary function

Answer 12

Identity solution, designed for HTTP and HTTPS communications

Question 13

How is Azure AD queired

Answer 13

Using REST API over HTTP and HTTPS.

Unstead of LDAP

Question 14

What HTTP and HTTPS protocols does Azure AD use

Answer 14

SAML
WS-Federation
OpenID Connect of authentication and OAuth for authorization.

Instead of Kerberos

Question 15

Does Azure AD include Federation services

Answer 15

Yes, and many 3rd party services, such as Facebook

Question 16

What structure are Azure AD users and groups are created

Answer 16

In a flat structure, i.e. no Organizational Units (OUs) or Group Policy Objects (GPOs)

Question 17

4 Azure Active Directory Editions

Answer 17

1. Free
2. Microsoft 365 Apps
3. Premium P1
4. Premium P2

Question 18

What is difference between Premium P1 and Premium P2 Azure Active Directory Editions

Answer 18

P2 has Identity Protection and Identity Governance

Question 19

What is Azure AD Join

Answer 19

User joins Azure AZ with their personal devices.

Facilitates Bring Your Own Device and makes sure personal device is compliant with the Organization’s network

Jist: for my users, their devices must be compliant BEFORE joining network

Question 20

What is Self-Service Password Reset

Answer 20

Avoid users having to call Help Desk when they forget their passwords.

You can choose the number of authentication methods required and the methods available (email, phone, questions)

You can require users to register for SSPR (same process as Multi Factor Authentication)

Question 21

Three ways Azure AD Identifies users

Answer 21

1 . Cloud Identities - created inside of Azure AD and accessed inside Azure AD

2. Directory synchronized Identities - on-prem a/c/ synced with Azure AD
3. Guest Identities - outside Azure AD, i.e. gmail, aol

Question 22

How can you create or manage Azure AD User Accounts

Answer 22

Single accounts or bulk accounts

Question 23

Who can manage Azure AD User Accounts

Answer 23

Global Admin or User Admin

Question 24

Two group types in Azure AD

Answer 24

1. Security Groups

2. Microsoft 365 gROUPS

Question 25

Three assignment types in Azure AD

Answer 25

1. Assigned
2. Dynamic User
3. Dynamic Device (Security groups only)

Question 26

What is Dynamic User

Answer 26

User is automatically added to group based on predefined rule, i.e. user belongs to “Finance”

Question 27

Is there parent-child relationship between organizations in Azure AD

Answer 27

No, they are Independent.

A peer is logically independent from the other Azure AD organizations you manage.

Question 28

What does Independence in Azure AD Include

Answer 28

1. Resource Independence
2. Administration Independence
3. Synchronization Independence