Azure AD

Question 1

What type of user accounts exist only in Azure AD. These are typically used by small organizations that do not have on-premises servers or do not use AD DS to manage local identities.

Answer 1

Cloud-only identity User Accounts

Question 2

What type of user accounts originate in an on-premises AD DS and have a copy in the Azure AD tenant of a Microsoft 365 subscription.

Answer 2

Hybrid identity User Accounts

Question 3

In a Hybrid Identity Azure AD setup, most changes you make only sync in which direction?

Answer 3

Most on premise changes are synced to the Azure AD, any changes made directly in Azure will not get synced to the on premise AD.

Question 4

WHAT provides the ongoing account synchronization? It runs on an on-premises server, checks for changes in the AD DS, and forwards those changes to Azure AD.

Answer 4

Azure AD Connect

Question 5

What is Azure AD B2B?

Answer 5

It’s a feature within External Identities that lets you invite guest users to collaborate with your organization..

Question 6

What 4 Identity providers are supported for B2B external collaboration?

Answer 6

Microsoft Account
Azure Active Directory
Google Federation
SAML/WS-Fed identity provider (Direct Federation)

Question 7

What PowerShell module is needed to connect to Azure AD?

Answer 7

AzureAD Module

Question 8

What two PowerShell commands are needed to connect to your Azure AD environment?

Answer 8

Install-Module -Name AzureAD

Connect-AzureAD

Question 9

What type of file is needed when using the Bulk Create User feature in Azure AD portal?

Answer 9

Comma Separated Value file (.csv)

Question 10

What three Bulk User Operations are available in the Azure AD portal?

Answer 10

Bulk Create
Bulk Invite
Bulk Delete

Question 11

What are the 2 Azure AD group types??

Answer 11

Security and Microsoft 365 Groups

Question 12

What are the different Azure AD group membership types?

Answer 12

Assigned
Dynamic User
Dynamic Device

Question 13

What’s the differences between Assigned and Dynamic membership types?

Answer 13

Assigned - Manually add specific users to be members of the group.

Dynamic - Setup membership rules that will auto add and remove members/devices from the group.

Question 14

What two PowerShell cmdlets are used to create and add members to Azure AD Groups?

Answer 14

New-AzureADGroup

Add-AzureADGroupMember

Question 15

What PowerShell cmdlet is used to create a new Azure AD User?

Answer 15

New-AzureADUser

Question 16

What is an Azure AD user and group container analogous to organizational units (OU) in a local Active Directory?

Answer 16

Azure AD Administrator Units

Question 17

What’s the 2 primary reasons to utilize Administrative Units in an enviroment?

Answer 17

Logically organize your Azure AD users and groups

Delegate administrative permissions such as password resets and enforcing least-privileage administration.

Question 18

The goal of WHAT supports Bring Your Own Device (BYOD) or mobile device scenarios, allowing devices to be registered to Azure AD without requiring an organizational account to sign in to the device?

Answer 18

Azure AD Registered Devices

Question 19

Administrators can secure and further control Azure AD registered devices by using WHAT?

Answer 19

Mobile Device Management (MDM) tools like Microsoft Intune

Question 20

The goal of WHAT is to restrict devices only joined to Azure AD, requiring an organizational account to sign in to the device for access?

Answer 20

Azure AD Joined Devices

Question 21

What operating systems are supported for Azure AD Join?

Answer 21

Windows 10 (Not Home Edition)
Win Server 2019 running in Azure (Not Server Core)

Question 22

What operating systems are supported for Azure AD registered devices??

Answer 22

Windows 10
iOS
Android
MacOS

Question 23

If your environment has an on-premises AD footprint, and you also want to benefit from the capabilities provided by Azure Active Directory, you can implement WHAT type of joined devices?

Answer 23

Hybrid Azure AD Joined Devices

Question 24

What operating systems are supported for Hybrid Azure AD Joined Devices?

Answer 24

Windows 10, 8.1, and 7

Windows Server 2008/R2, 2012/R2, 2016, and 2019

Question 25

When an Azure VM is joined to the Azure AD, to allow a user to log in to the VM over RDP, you must first assign them one of WHAT roles.

Answer 25

Virtual Machine Administrator Login

Virtual Machine User Login

Question 26

The Virtual Machine Administrator Login and Virtual Machine User Login roles use dataActions and thus cannot be assigned at the management group scope. Currently, these roles can only be assigned WHERE?

Answer 26

Subscription, Resource Group, or Resource Scope.

Question 27

What is Azure Enterprise State Roaming (ESR)?

Answer 27

Provides the ability to securely synchronize their user settings and application settings data to the cloud. Gives users a unified experience across their Windows devices and reduces the time needed for configuring a new device.

Question 28

What five services are included in Azure Enpoint Manager?

Answer 28

Microsoft Intune
Configuration Manager
Desktop Analytics
Co-management
Windows Autopilot

Question 29

WHAT is a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM).

Answer 29

Microsoft Intune

Question 30

Microsoft suggests that you use WHAT as a way to onboard or enforce Azure MFA?

Answer 30

Conditional Access Policy

Question 31

WHAT is the tool used by Azure Active Directory to bring signals together, to make decisions, and enforce organizational policies?

Answer 31

Conditional Access Policies

Question 32

Conditional Access policies are enforced after WHAT is completed?

Answer 32

First-factor Authentication

Question 33

What are some common signals Condition Access can take into account when making a policy decision?

Answer 33

User or group membership 
IP Location information 
Device 
Application 
Real-time and calculated risk detection 
Microsoft Cloud App Security (MCAS)

Question 34

WHA is an Azure Active Directory (AD) feature that enables users to reset their passwords without contacting IT staff for help?

Answer 34

Self-Service Password Reset (SSPR)

Question 35

WHAT can be used to synchronize password changes in Azure AD back to your on-premises AD DS environment?

Answer 35

Azure Password Writeback