Azure AD P2 Flashcards

1
Q

What is Identity Protection?

A

A tool derived from Microsoft’s learnings that allows organizations to accomplish three key tasks:

Automate the detection and remediation of identity-based risks

Investigate risks using data in the portal.

Export risk detection data to your SIEM.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is PIM?

A

Privileged Identity Management (PIM) allows you to provide just-in-time (JIT) privileged access to Azure AD roles and Azure resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How does PIM work?

A

Admin decide which users are eligible to request certain roles. When a request is made, an (optional) approval process is started and if the request is approved e-mails are sent to a list of people notifying them of the approval.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are the 7 benefits of PIM?

A

Provide JIT privileged access to Azure AD and Azure resources

Assign time-bound access to resources using start and end dates.

Require approval to activate privileged roles.

Enforce multi-factor authentication to activate any role.

Get notification when privileged roles are activated

Conduct access reviews to ensure users still need roles

Download audit history for external or internal audit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How does Identity Protection work?

A

By using signals to calculate sign-in risk and user risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is sign-in risk?

A

The probability that the sign-in wasn’t performed by the user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is user risk?

A

The probability that the user identity has been compromised.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How are risks categorized?

A

Low
Medium
High

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are the two Sign-In Risk signals?

A

Atypical travel - is the user in a unusual location based off their usual sign ins

Anonymous IP address - Did the user sign-in from an anon VPN or tor browser?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What are the five User Risk signals?

A

Unfamiliar sign-in properties

Malware linked IP address

Leaked credential

Azure AD threat intelligence

Password spray

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What three reports does Azure AD Identity Protection provide for admins?

A

Risky Users
Risky sign-ins
Risk detections

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What can trigger Conditional Access into doing certain actions?

A

Risk levels

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Can Risk signals trigger remediation efforts and what are they?

A

Yes, it can. The efforts are

Perform MFA
Reset password (if self-service password is enabled)
Block account

How well did you know this?
1
Not at all
2
3
4
5
Perfectly