Azure AD Flashcards
What type of user accounts exist only in Azure AD? These are typically used by small organizations that do not have on-premises servers or do not use AD DS to manage local identities.
Cloud-only identity User Accounts
What type of user accounts originate in an on-premises AD DS and have a copy in the Azure AD tenant of a Microsoft 365 subscription?
Hybrid identity User Accounts
In a Hybrid Identity Azure AD setup, most changes you make only sync in which direction?
Most on-premises changes are synced to Azure AD; any changes made directly in Azure will not get synced to the on-premises AD.
WHAT provides the ongoing account synchronization? It runs on an on-premises server, checks for changes in the AD DS, and forwards those changes to Azure AD.
Azure AD Connect
What is Azure AD B2B?
It’s a feature within External Identities that lets you invite guest users to collaborate with your organization.
What 4 Identity providers are supported for B2B external collaboration?
Microsoft Account
Azure Active Directory
Google Federation
SAML/WS-Fed identity provider (Direct Federation)
What PowerShell module is needed to connect to Azure AD?
AzureAD Module
What two PowerShell commands are needed to connect to your Azure AD environment?
Install-Module -Name AzureAD
Connect-AzureAD
What type of file is needed when using the Bulk Create User feature in Azure AD portal?
Comma Separated Value file (.csv)
What three Bulk User Operations are available in the Azure AD portal?
Bulk Create
Bulk Invite
Bulk Delete
What are the 2 Azure AD group types?
Security and Microsoft 365 Groups
What are the different Azure AD group membership types?
Assigned
Dynamic User
Dynamic Device
What are the differences between Assigned and Dynamic membership types?
Assigned - Manually add specific users to be members of the group.
Dynamic - Set up membership rules that automatically add and remove members/devices from the group.
What two PowerShell cmdlets are used to create and add members to Azure AD Groups?
New-AzureADGroup
Add-AzureADGroupMember
What PowerShell cmdlet is used to create a new Azure AD User?
New-AzureADUser
What is an Azure AD user and group container analogous to organizational units (OU) in a local Active Directory?
Azure AD Administrative Units
What are the 2 primary reasons to utilize Administrative Units in an environment?
Logically organize your Azure AD users and groups
Delegate administrative permissions, such as password resets, and enforce least-privilege administration.
The goal of WHAT supports Bring Your Own Device (BYOD) or mobile device scenarios, allowing devices to be registered to Azure AD without requiring an organizational account to sign in to the device?
Azure AD Registered Devices
Administrators can secure and further control Azure AD registered devices by using WHAT?
Mobile Device Management (MDM) tools like Microsoft Intune
The goal of WHAT is to restrict devices only joined to Azure AD, requiring an organizational account to sign in to the device for access?
Azure AD Joined Devices
What operating systems are supported for Azure AD Join?
Windows 10 (Not Home Edition)
Windows Server 2019 running in Azure (Not Server Core)
What operating systems are supported for Azure AD registered devices?
Windows 10
iOS
Android
macOS
If your environment has an on-premises AD footprint, and you also want to benefit from the capabilities provided by Azure Active Directory, you can implement WHAT type of joined devices?
Hybrid Azure AD Joined Devices
What operating systems are supported for Hybrid Azure AD Joined Devices?
Windows 10, 8.1, and 7
Windows Server 2008/R2, 2012/R2, 2016, and 2019
When an Azure VM is joined to Azure AD, to allow a user to log in to the VM over RDP, you must first assign them one of WHAT roles?
Virtual Machine Administrator Login
Virtual Machine User Login
The Virtual Machine Administrator Login and Virtual Machine User Login roles use dataActions and thus cannot be assigned at the management group scope. Currently, these roles can only be assigned WHERE?
Subscription, Resource Group, or Resource Scope.
What is Azure Enterprise State Roaming (ESR)?
Provides users with the ability to securely synchronize their user settings and application settings data to the cloud. Gives users a unified experience across their Windows devices and reduces the time needed for configuring a new device.
What five services are included in Azure Endpoint Manager?
Microsoft Intune
Configuration Manager
Desktop Analytics
Co-management
Windows Autopilot
WHAT is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM)?
Microsoft Intune
Microsoft suggests that you use WHAT as a way to onboard or enforce Azure MFA?
Conditional Access Policy
WHAT is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies?
Conditional Access Policies
Conditional Access policies are enforced after WHAT is completed?
First-factor Authentication
What are some common signals Conditional Access can take into account when making a policy decision?
User or group membership
IP Location information
Device
Application
Real-time and calculated risk detection
Microsoft Cloud App Security (MCAS)
WHAT is an Azure Active Directory (AD) feature that enables users to reset their passwords without contacting IT staff for help?
Self-Service Password Reset (SSPR)
WHAT can be used to synchronize password changes in Azure AD back to your on-premises AD DS environment?
Azure Password Writeback