Azure AD Authentication Flashcards

1
Q

What is authentication?

A

The process of verifying an identity to be legitimate.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is authorization?

A

Verifying what access a user has.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is MFA?

A

Multi-factor authentication (MFA) is an authentication method that requires two of the following:

  • Something you know (Ex: password)
  • Something you have (phone, hardware key)
  • Something you are (biometrics)
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the four additional authN methods Azure AD provides?

A

Microsoft Authenticator app
OATH Hardware token
SMS
Voice Call

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Can admins disable certain authN methods?

A

Yes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is passwordless authN?

A

A authN method based on something you are.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What are the three passwordless options?

A
  • Microsoft Authenticator Fingerprint Scan
  • FIDO2 Security Key
  • Windows Hello
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is Windows Hello?

A

A authN feature built in Windows 10 that uses biometric verification (fingerprint, face) or Pin.

Windows hello lets users authenticate to a microsoft account, an AD account, an Azure AD account, or an identity provider service

Its safer than a password because it is tied to a device, not profile, and authenticates to MS Accounts, AD/ Azure AD accounts or/and Any Identity Provider that supports FIDOv2.0

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Why is Windows Hello secure?

A

Because the biometric/Pin is tied to the device, so a bad actor would need hardware and pin/biometric proof to unlock.

In addition, the Biometric data/pin is stored on the local device so a hacker can’t intercept it over the network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Is the Windows Hello pin backed by a Trusted Platform Module (TPM) chip?

A

Yes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the key features of Windows Hello for Business?

A
  • Configured by group policy or MDM
  • Always uses key-based or certificate-based authentication
  • Pin authentication is disabled by default.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is TPM and how does it make Windows Hello secure?

A

Trusted Platform Module is integrated with the device and cannot be separated from the device.
A reason why some laptops cannot be upgraded to Windows 11 which requires TPM 2.0 compliance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly