01-Identity Flashcards
What is Azure Active Directory
Cloud-based suite of IDENTITY MANAGEMENT capabilities.
Allows you to securely manage access to Azure services and resources for your users.
Provides application management, authentication, device management, and hybrid identity.
How to authenticate to Azure Active Directory?
AUTH
- SAML
- OAuth
- OpenID Connect
- WS-Federation
What is the common authentication set shared by Windows Server Active Directory and Azure Active Directory?
- Users & Groups
- Authentication and Authorization
How to authenticate to Windows Server Active Directory?
AUTH
Kerberos
NTLM
What is Identity
An object that can be authenticated
What is Account
An identity that has data associated with it
What is Azure AD account
An identity created through Azure AD or another Microsoft cloud service
What is Azure subscription
It is used to pay for Azure cloud services
What is Azure AD tenant/directory
A dedicated and trusted instance of Azure AD. A tenant is automatically created when your organization signs up for a Microsoft cloud service subscription.
What is Tenant
It is a single instance of Azure AD representing a single organization.
The terms Tenants and Directory are often interchanged
What is the underlying product that provides identity service
Azure AD is the underlying product that provides identity service
What is Azure AD's primary function
Identity solution, designed for HTTP and HTTPS communications
How is Azure AD queried
Using REST API over HTTP and HTTPS,
instead of LDAP
What HTTP and HTTPS protocols does Azure AD use
SAML
WS-Federation
OpenID Connect for authentication and OAuth for authorization.
Instead of Kerberos
Does Azure AD include Federation services
Yes, and many third-party services, such as Facebook
In what structure are Azure AD users and groups created
In a flat structure, i.e. no Organizational Units (OUs) or Group Policy Objects (GPOs)
4 Azure Active Directory Editions
- Free
- Microsoft 365 Apps
- Premium P1
- Premium P2
What is the difference between the Premium P1 and Premium P2 Azure Active Directory Editions
P2 has Identity Protection and Identity Governance
What is Azure AD Join
User joins Azure AD with their personal devices.
Facilitates Bring Your Own Device and makes sure the personal device is compliant with the organization's network.
Gist: for my users, their devices must be compliant BEFORE joining the network
What is Self-Service Password Reset
Avoid users having to call Help Desk when they forget their passwords.
You can choose the number of authentication methods required and the methods available (email, phone, questions)
You can require users to register for SSPR (same process as Multi Factor Authentication)
Three ways Azure AD Identifies users
- Cloud Identities - created inside of Azure AD and accessed inside Azure AD
- Directory Synchronized Identities - on-prem accounts synced with Azure AD
- Guest Identities - from outside Azure AD, e.g. Gmail, AOL
How can you create or manage Azure AD User Accounts
Single accounts or bulk accounts
Who can manage Azure AD User Accounts
Global Admin or User Admin
Two group types in Azure AD
- Security Groups
- Microsoft 365 Groups
Three assignment types in Azure AD
- Assigned
- Dynamic User
- Dynamic Device (Security groups only)
What is Dynamic User
User is automatically added to a group based on a predefined rule, e.g. user belongs to the "Finance" department
Is there a parent-child relationship between organizations in Azure AD
No, they are independent.
A peer is logically independent from the other Azure AD organizations you manage.
What does independence in Azure AD include
- Resource Independence
- Administration Independence
- Synchronization Independence