Azure 500 Flashcards

1
Q

What is Entra ID?

A

Microsoft Entra ID is a cloud-based identity and access management service that your employees can use to access external resources. Example resources include Microsoft 365, the Azure portal, and thousands of other Software-as-a-Service (SaaS) applications. Microsoft Entra ID also helps them access internal resources like apps on your corporate intranet, and any cloud apps developed for your own organization.

2
Q

What are the Entra ID licenses?

A

Free, P1, P2, Pay as you go

3
Q

What is in the P1 Entra licence?

A

Microsoft Entra ID P1. In addition to the Free features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

4
Q

What is in the P2 Entra licence?

A

Microsoft Entra ID P2. In addition to the Free and P1 features, P2 also offers Microsoft Entra ID Protection to help provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.

5
Q

What is in the Free Entra licence?

A

Microsoft Entra ID Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Microsoft 365, and many popular SaaS apps.

6
Q

What is an Entra account?

A

An identity created through Microsoft Entra ID or another Microsoft cloud service, such as Microsoft 365. Identities are stored in Microsoft Entra ID and accessible to your organization’s cloud service subscriptions. This account is also sometimes called a Work or school account.

7
Q

What is an identity?

A

A thing that can get authenticated. An identity can be a user with a username and password. Identities also include applications or other servers that might require authentication through secret keys or certificates.

8
Q

What is a workload identity?

A

An identity given to a software workload (such as an application, service, script, or container) so that it can authenticate and access other services and resources.

9
Q

What is a Microsoft account (also called an MSA)?

A

Personal accounts that provide access to your consumer-oriented Microsoft products and cloud services. These products and services include Outlook, OneDrive, Xbox LIVE, or Microsoft 365. Your Microsoft account is created and stored in the Microsoft consumer identity account system that’s run by Microsoft.

10
Q

What is an internal member?

A

Internal member: These users are most likely full-time employees in your organization.

11
Q

What roles are needed to create a user in Entra?

A

The required role of least privilege varies based on the type of user you’re adding and if you need to assign Microsoft Entra roles at the same time. Global Administrator can create users and assign roles, but whenever possible you should use the least privileged role.

12
Q

What is an internal guest?

A

These users have an account in your tenant, but have guest-level privileges. It’s possible they were created within your tenant prior to the availability of B2B collaboration.

13
Q

What is an external member?

A

These users authenticate using an external account, but have member access to your tenant. These types of users are common in multitenant organizations.

14
Q

What is an external guest?

A

These users are true guests of your tenant who authenticate using an external method and who have guest-level privileges.

15
Q

What are the 4 types of users in Entra ID?

A

Internal member: These users are most likely full-time employees in your organization.
Internal guest: These users have an account in your tenant, but have guest-level privileges. It’s possible they were created within your tenant prior to the availability of B2B collaboration.
External member: These users authenticate using an external account, but have member access to your tenant. These types of users are common in multitenant organizations.
External guest: These users are true guests of your tenant who authenticate using an external method and who have guest-level privileges.

16
Q

How do you create a user in Entra?

A

Sign in to the Microsoft Entra admin center as at least a User Administrator.

Browse to Identity > Users > All users.

17
Q

What are the rules about user assignments in Entra ID?

A

You can assign the user to an administrative unit, group, or Microsoft Entra role when the account is created. You can assign the user to up to 20 groups or roles. You can only assign the user to one administrative unit. Assignments can be added after the user is created.

18
Q

What are the types of groups?

A

Security, Microsoft 365

19
Q

What is a security group?

A

Security: Used to manage user and computer access to shared resources.

20
Q

What is a Microsoft 365 group

A

Microsoft 365: Provides collaboration opportunities by giving group members access to a shared mailbox, calendar, files, SharePoint sites, and more.

21
Q

What are the membership types of groups?

A

Assigned: Lets you add specific users as members of a group and have unique permissions.

Dynamic user: Lets you use dynamic membership rules to automatically add and remove members. If a member’s attributes change, the system looks at your dynamic group rules for the directory to see if the member meets the rule requirements (is added), or no longer meets the rule requirements (is removed).

Dynamic device: Lets you use dynamic group rules to automatically add and remove devices. If a device’s attributes change, the system looks at your dynamic group rules for the directory to see if the device meets the rule requirements (is added), or no longer meets the rule requirements (is removed).

22
Q

What is the assigned membership type?

A

Assigned: Lets you add specific users as members of a group and have unique permissions.

23
Q

What is the dynamic user membership type?

A

Dynamic user: Lets you use dynamic membership rules to automatically add and remove members. If a member’s attributes change, the system looks at your dynamic group rules for the directory to see if the member meets the rule requirements (is added), or no longer meets the rule requirements (is removed).

24
Q

What is the dynamic device membership type?

A

Dynamic device: Lets you use dynamic group rules to automatically add and remove devices. If a device’s attributes change, the system looks at your dynamic group rules for the directory to see if the device meets the rule requirements (is added), or no longer meets the rule requirements (is removed).

25
What are the rules about groups (what happens after creating a group)?
After creating a Microsoft Entra group, you need to grant it the appropriate access. Each application, resource, and service that requires access permissions needs to be managed separately because the permissions for one may not be the same as another. Grant access using the principle of least privilege to help reduce the risk of attack or a security breach.
26
What are the ways to assign access rights?
Direct assignment. The resource owner directly assigns the user to the resource.
Group assignment. The resource owner assigns a Microsoft Entra group to the resource, which automatically gives all of the group members access to the resource. Group membership is managed by both the group owner and the resource owner, letting either owner add or remove members from the group.
Rule-based assignment. The resource owner creates a group and uses a rule to define which users are assigned to a specific resource. The rule is based on attributes that are assigned to individual users. The resource owner manages the rule, determining which attributes and values are required to allow access to the resource.
External authority assignment. Access comes from an external source, such as an on-premises directory or a SaaS app. In this situation, the resource owner assigns a group to provide access to the resource and then the external source manages the group members.
27
What is direct assignment?
Direct assignment. The resource owner directly assigns the user to the resource.
28
What is group assignment?
Group assignment. The resource owner assigns a Microsoft Entra group to the resource, which automatically gives all of the group members access to the resource. Group membership is managed by both the group owner and the resource owner, letting either owner add or remove members from the group.
29
What is rule-based assignment?
Rule-based assignment. The resource owner creates a group and uses a rule to define which users are assigned to a specific resource. The rule is based on attributes that are assigned to individual users. The resource owner manages the rule, determining which attributes and values are required to allow access to the resource.
30
What is external authority assignment?
External authority assignment. Access comes from an external source, such as an on-premises directory or a SaaS app. In this situation, the resource owner assigns a group to provide access to the resource and then the external source manages the group members.
31
Can users join groups without being assigned?
The group owner can let users find their own groups to join, instead of assigning them. The owner can also set up the group to automatically accept all users that join or to require approval. After a user requests to join a group, the request is forwarded to the group owner. If it's required, the owner can approve the request and the user is notified of the group membership. If you have multiple owners and one of them disapproves, the user is notified, but isn't added to the group.
32
What is B2B collaboration?
B2B collaboration is a feature within Microsoft Entra External ID that lets you invite guest users to collaborate with your organization. With B2B collaboration, you can securely share your company's applications and services with external users, while maintaining control over your own corporate data. Work safely and securely with external partners, large or small, even if they don't have Microsoft Entra ID or an IT department.
33
Access Lifecycle Management
Automate access changes based on user attributes
Entitlement management for access request/approval
Access reviews for recertification
Support for cloud and on-prem apps (via SCIM, REST, SOAP, etc.)
Enforce Conditional Access (MFA, Terms of Use)
34
Privileged Access Lifecycle
Govern admin roles using Microsoft Entra PIM
Enforce just-in-time access
Alerts, access reviews, and role lifecycle management
Strong controls for Microsoft 365, Azure, and more
35
Identity lifecycle management
Identity Governance helps organizations achieve a balance between productivity (how quickly can a person have access to the resources they need, such as when they join my organization?) and security (how should their access change over time, such as due to changes to that person's employment status?).
36
What is a digital identity?
A digital identity is information on an entity used by one or more computing resources, such as operating systems or applications. These entities may represent people, organizations, applications, or devices. The identity is usually described by the attributes that are associated with it, such as the name, identifiers, and properties such as roles used for access management. These attributes help systems make determinations such as who has access to what, and who is allowed to use that resource.
37
Managing the Lifecycle of Digital Identities
1️⃣ Identify Systems of Record: Use trusted sources (e.g., Workday, SuccessFactors, Exchange Online) for user data.
2️⃣ Integrate with Microsoft Entra ID: Sync users from systems of record. Remove outdated or duplicate user accounts.
3️⃣ Connect Application Directories: Link Microsoft Entra ID to other app directories. Clean up old or mismatched entries (e.g., ex-employee accounts).
4️⃣ Handle Edge Cases: Create processes for non-standard identities (e.g., visitors, freelancers) not in an HR database.
5️⃣ Automate Data Flow: Ensure updates from source systems are replicated across all connected directories via Entra ID.
38
What is Identity Lifecycle Management?
Definition: A process to automate and manage digital identities from creation to deletion, ensuring secure, timely access to resources throughout a user’s relationship with an organization.
Goal: Balance productivity (quick access) and security (timely updates/removal).
39
What is a Digital Identity?
Definition: A collection of attributes (name, role, department, etc.) used to represent a person, device, or app in computing systems for access control and identity verification.
40
Core Identity Lifecycle Stages (Join–Move–Leave)
Join: New user needs an identity and access.
Move: User changes role/location → update access.
Leave: User exits organization → remove access and disable identity.
41
Key Steps in Lifecycle Management Setup
Identify systems of record (e.g., Workday, Exchange Online).
Sync with Entra ID, resolve outdated user data.
Link other app directories (clean up inconsistencies).
Handle exceptions (e.g., guests without HR records).
Automate propagation of identity changes across systems.
42
Guest Identity Lifecycle
Managed using Microsoft Entra External Identities and Entitlement Management.
Guests can request access → approved → identity created → access assigned.
When access expires, the identity is automatically removed.
43
Microsoft Entra ID – Automation Tools
🔧 Inbound Provisioning: Pull data from Workday, SuccessFactors to auto-create/maintain users in AD & Entra ID.
🔁 Inter-directory Provisioning: Sync users already in Active Directory with Microsoft Entra ID.
⚙️ Lifecycle Workflows: Run tasks on key events (e.g., send welcome emails, assign roles).
🔄 Automatic Assignment Policies: Assign/remove group memberships and app roles based on attribute changes.
44
What Are Lifecycle Workflows?
Definition: A feature that automates common identity lifecycle stages:
Joiner (new user)
Mover (role or department change)
Leaver (exit or termination)
These workflows execute tasks automatically based on user attributes and triggers.
45
Key Components of a Workflow
Task: Action to be executed (e.g., send email, disable account)
Scope: Users the workflow applies to (e.g., new employees)
Trigger: When it runs (e.g., 7 days before hire date)
46
Benefits of Lifecycle Workflows
✅ Automates onboarding/offboarding
✅ Reduces manual effort
✅ Centralizes identity workflows
✅ Improves scalability
✅ Provides history and audit logs
✅ Supports compliance & troubleshooting
✅ Integrates with Logic Apps for complex scenarios
47
When to Use Lifecycle Workflows
🟢 Extend HR provisioning: Automate new hire tasks (e.g., welcome email, temp password)
🟢 Automate group membership: Works with static groups, no need for dynamic group rules
🟢 Automate user account management: Disable or delete accounts for departing users
🟢 Audit & troubleshoot: Keep logs of executed tasks
🟢 Custom scenarios with Logic Apps
48
Differences between Lifecycle Workflows and dynamic groups
Lifecycle workflows manage static groups
No need for one rule per group
Broader triggers (e.g., based on date offsets like employeeHireDate - 7 days)
Can perform actions on groups, not just membership
49
Licensing and limits for Governance
Requires Microsoft Entra ID Governance license
Up to 50 workflows
Up to 100 custom task extensions
Supports on-demand and scheduled execution
50
What is Entitlement Management?
Definition: A Microsoft Entra ID Governance feature that automates access requests, assignments, reviews, and expiration for internal and external users.
Purpose: To manage access to groups, apps, Teams, and SharePoint Online sites at scale with approval workflows and time-limited access.
51
Why Use Entitlement Management?
Users often don’t know what access they need or how to get it.
Users may retain access longer than necessary.
External access is hard to manage manually.
Automates and secures the process for both internal and guest users.
52
What is an Access Package?
A bundle of resources (groups, apps, sites) users need for a role or task.
Resources in access packages: Microsoft Entra security groups; Microsoft 365 Groups / Teams; enterprise apps (SaaS or custom); SharePoint Online sites.
Also supports: group-based licensing; Azure role access; Microsoft Entra role assignments.
53
What is a Policy in Entitlement Management?
A policy defines:
Who can request access (internal/external)
How access is approved (e.g., manager approval)
How long access lasts before expiration
Whether access renewals or access reviews are required
Each access package can have multiple policies.