Azure AD Identities Flashcards

1
Q

Synchronized Identities

A

A common identity model where directory objects are synced from on-premises to the cloud. Provides two options: Password Hash Sync and Pass-thru Authentication.

2
Q

Password Hash Sync

A

Directory objects are synced from on-premises to the cloud, with password hashes also synced. Users and groups are managed on-premises. Supports seamless Single Sign-On (SSO).

3
Q

Pass-thru Authentication

A

Directory objects are synced from on-premises to the cloud, with user credentials validated on-premises via a software agent. Users and groups are managed on-premises. Supports seamless Single Sign-On (SSO).

4
Q

Choosing between Password Hash Sync and Pass-thru Authentication

A

Password Hash Sync is simpler, but Pass-thru Authentication should be used if company policies require on-premises authentication. Both options support seamless Single Sign-On (SSO).

5
Q

Federated Identities

A

An identity model that provides single sign-on (SSO) with two options: Federation with Active Directory Federation Services (ADFS) and Federation with a third-party identity provider.

6
Q

Federation with Active Directory Federation Services (ADFS)

A

Directory objects are synced from on-premises to the cloud, users and groups are managed on-premises, and SSO is provided. Allows for additional authentication requirements, such as smart cards.

7
Q

Federation with a third-party identity provider

A

Directory objects are synced from on-premises to the cloud, users and groups are managed on-premises by the third-party identity provider, and the sign-on experience is provided by the third-party solution. Ensure the third-party provider is supported by Azure AD.

8
Q

Adding a Cloud User in Microsoft 365 Admin Center

A

Navigate to Users > Active users > Add a user. Fill in the user’s name, username, domain, location, and contact information. Set a password and choose roles, product licenses, and services. Click on Add.

9
Q

Deleting a Cloud User in Microsoft 365 Admin Center

A

Select the user, click on the ellipses at the top, and choose Delete user. Consider the implications for OneDrive content and emails. Deleted users’ data is retained for up to 30 days, unless a specific retention policy is in place.

10
Q

Managing Synchronized Users in Microsoft 365

A

To manage synchronized users, make changes directly in the on-premises directory. Changes will be synchronized to Office 365. To delete a synchronized user, do so on-premises, and the deletion will be synced to Office 365.

11
Q

Creating users in Azure AD portal

A

Users can be created in the Azure AD portal, accessible from the Microsoft 365 admin center. This offers similar options as the Microsoft 365 admin center, but with more configuration choices.

12
Q

Assigning roles in Azure AD portal

A

When creating a user in the Azure AD portal, you can assign a role such as User, Global admin, or Limited administrator (similar to Customized administrator in Microsoft 365 admin center).

13
Q

Setting usage location for users in Azure AD portal

A

Before assigning a license to a user, set the usage location. Usage location determines which features are available to the user based on their country, as some features are not available in certain locations.

14
Q

Assigning licenses in Azure AD portal

A

After setting the usage location, assign licenses to users by selecting a subscription and configuring assignment options to choose which services the user can access.

15
Q

Deleting users in Azure AD portal

A

Users can be deleted in the Azure AD portal, but ensure proper governance is in place. Pay attention to OneDrive for Business and emails, as deleted user data is available for up to 30 days by default before being permanently deleted.

16
Q

Managing multiple users with PowerShell

A

To manage multiple users simultaneously, use PowerShell with the MSOnline Module or the Azure AD Module.

17
Q

MSOnline Module

A

The MSOnline Module uses MSOnline Cmdlets and has been around for some time but is meant to be deprecated according to Microsoft.

18
Q

Azure AD Module

A

The Azure AD Module uses cmdlets with the Azure AD prefix and is the recommended module to use since MSOnline Module will be deprecated.

19
Q

Creating users with MSOnline Module

A

Import a CSV file with user data and use a foreach loop with the New-MsolUser cmdlet, which generates a random password for each user.

20
Q

Deleting users with MSOnline Module

A

Import a CSV file with user data and use a foreach loop with the Remove-MsolUser cmdlet, using the User Principal Name as the parameter.

21
Q

Creating users with Azure AD Module

A

Import a CSV file with user data and use a foreach loop with the New-AzureADUser cmdlet. This module requires providing a password for each user.

22
Q

Deleting users with Azure AD Module

A

Import a CSV file with user data and use a foreach loop with the Remove-AzureADUser cmdlet, using the Object ID (User Principal Name) as the parameter.

23
Q

Managing multiple groups with PowerShell

A

To manage multiple groups simultaneously, use PowerShell to connect to Exchange Online and Azure AD.

24
Q

Connecting to Exchange Online with PowerShell

A

Use the New-PSSession cmdlet to create a session with Exchange Online and the Import-PSSession cmdlet to import that session.

25
Q

Connecting to Azure AD with PowerShell

A

Use the Connect-AzureAD cmdlet and provide your credentials to connect to Azure AD.

26
Q

Creating multiple Office 365 groups using PowerShell

A

Import group data from a CSV file, then use a foreach loop with the New-UnifiedGroup cmdlet to create the groups.

27
Q

Deleting multiple Office 365 groups using PowerShell

A

Import group data from a CSV file, then use a foreach loop with the Remove-UnifiedGroup cmdlet to delete the groups.

28
Q

Importance of removing PowerShell sessions

A

Use the Remove-PSSession cmdlet to disconnect from Exchange Online before closing the PowerShell window, as closing the window will not automatically disconnect you.

29
Q

Azure AD access reviews

A

Azure AD access reviews help manage group memberships, access to corporate applications, and review user access regularly. This feature requires an Azure AD Premium P2 or EMS E5 license and ensures that the right people have the right access.

30
Q

What does the access review email contain?

A

The email contains information about the group membership to review and the deadline to complete the review.

31
Q

How can you start the access review process?

A

Click on “Start review” in the email to be redirected to the access panel.

32
Q

Where can you view Microsoft recommendations for users during access reviews?

A

In the access panel under the “Access Info” column.

33
Q

How can you change the recommended action for a user?

A

Click on the “Recommended Action” dropdown and select “Approve” or “Deny” and provide a reason.

34
Q

How to accept all recommendations during an access review?

A

Click on “Accept recommendations” and confirm the summary for the group.

35
Q

Where can the IT team view the access review report?

A

The progress and results will be visible in the Azure AD Portal.

36
Q

How can you view the report for a specific access review?

A

Click on Access Reviews, go to Controls, and select the access review you’re interested in.

37
Q

What can you find in the Overview blade of an access review report?

A

A graphical overview of the access review results, such as the number of users approved or denied.

38
Q

What information is available in the Results section?

A

The current users of the group, the outcome (approved or denied), the reason for the outcome, the reviewer, and the Microsoft recommended action.

39
Q

How can you stop an access review from reoccurring or reset it?

A

In the Results section of the access review report, you can find options to stop the review from reoccurring or reset it.

40
Q

What format is the downloaded access review report in, and what information does it contain?

A

The report is in CSV format and contains the same information found in the Azure AD portal, such as users, outcomes, reasons, and recommendations.

41
Q

Where can you set a password policy for cloud users in Microsoft 365 admin center?

A

Navigate to Settings, then Security and Privacy.

42
Q

What is the default password expiration setting in the Microsoft 365 admin center?

A

The default setting is “Never,” meaning user passwords never expire.

43
Q

How can you change the password expiration settings in Microsoft 365 admin center?

A

Click on Edit in the Password Policy section, toggle the setting to Off, and set the number of days before passwords expire and the expiration reminder.

44
Q

What is the maximum value for the number of days before passwords expire and the reminder?

A

The maximum value for password expiration is 730 days, and the reminder can be set up to 30 days before expiration.

45
Q

What is Self-service Password Reset (SSPR)?

A

SSPR is a feature that allows users to reset their own password without an admin doing it for them.

46
Q

What are the licensing requirements for SSPR?

A

For Cloud users, you need Azure AD Basic, Premium P1 or P2, or Microsoft 365 Business subscription. For synchronized on-premises AD users, you need Azure AD Premium P1 or P2 or Microsoft 365 Business subscription and enable password writeback on AD Connect.

47
Q

How can you enable SSPR in the Azure AD Portal?

A

Navigate to Azure Active Directory, click on password reset, and choose whether to enable SSPR for selected or all users. Save the changes.

48
Q

What authentication methods are available for SSPR?

A

Email, mobile phone, office phone, security questions, and mobile app code (currently in preview).

49
Q

What is the maximum number of days before users are asked to reconfirm their authentication information in SSPR?

A

The maximum is 730 days. Setting it to zero means they will never be prompted to reconfirm.