Azure Entra ID Flashcards
In Azure what are your options if RBAC does not have the permissions you require in a built-in role?
You can opt to create a custom role with the permissions you require.
How do you create a Custom role using the portal?
1. Log in to Azure Portal
2. Search Entra ID
3. Search in the side panel for roles and administrators
5. Create a custom role
6. Enter name and description
7. Select permissions
8. Create role
In Azure RBAC, in what ways are all permissions defined by default?
Deny, you have to give permissions explicitly.
In Azure RBAC, can we set to deny permissions explicitly?
Yes, when using the JSON, we can use notActions
What happens if a user has several roles with permission?
The user gets all the permissions of all the roles.
Are roles stored in the tenant they are created in?
Yes, they exist only in that tenant; if there is another tenant, the roles are not visible to the tenant.
Can you have custom roles for Azure Entra ID?
Yes, you can have roles for Azure Entra ID.
Can you use Deny for Azure Entra ID roles?
No
Using Azure Entra ID, I require the ability to automatically grant new users access to resources; how can I achieve this?
You can create a dynamic group and set the attribute that is used to have the dynamic group add the user to the group. Use the dynamic group as part of the role /permission assignment for a resource or resource group. The user will automatically be added to the dynamic group, inherit the role/permissions, and get permission to access the resource or resource group.
In Azure Entra ID, can I add user devices and applications to a Dynamic group?
You can add users and devices but not applications.
What is a dynamic group in Azure Entra ID?
It is a group that uses attributes to decide to add users or devices to the group automatically. For example, the group can be used when assigning roles to access resources.
I have an AD Domain on-prem running on a single server (domain controller). I want the domain users to be able to log on to the new Azure account (tenant) and access resources. I also wish to do the least work deploying and managing any solution. What solution best meets these requirements?
Use Azure Connect Cloud; this is a cloud-based solution that is managed by Azure and will extend the on-prem into Azure Entra ID.
What is hybrid identity when using Azure Entra ID?
It’s where you have identities in Azure and on-prem, and they are synced somehow.
Describe Azure Entra ID Cloud Sync.
- This Azure cloud-based solution syncs on-prem AD and Azure Entra.
- Lightweight agent deployed on-prem and managed using Azure Cloud Sync. Azure Cloud Sync management components are hosted in the Azure cloud, managed by Microsoft Azure, and configured by you.
I want to have a way to sync my on-prem AD with Azure Entra ID; I want the least management of infrastructure and software and always have the software up to date.
Azure Entra ID Cloud Sync is a PaaS service and continually updated automatically by Microsoft and is always up to date.
How can you centralize your organization’s identity when you have on-prem ADs from several organizations that were acquired?
Azure Cloud Sync enables the centralization of your identity.
I require a highly available method to sync my on-prem AD to Azure Entra ID. What is the best option, and why is it available?
Use Azure Sync Cloud with its ability to deploy multiple agents for highly available solutions.
I have 200K AD users on-prem and want to sync with Azure Entra ID; what are my best options?
When using Azure Cloud Sync, there is a limit of 50K users, so deploy 4 instances and use OU filters for each instance.
What type of sync is Azure Entra Cloud Sync using?
It’s using password hash sync.
Can Azure Entra ID Connect Sync connect to multiple separate AD forests?
No, Azure Entra ID Connect Sync does not support this; use Azure Entra ID Cloud Sync.
Can Azure Entra ID Connect Sync connect to multiple active agents?
No, Azure Entra ID Connect Sync does not support this; use Azure Entra ID Cloud Sync.
Does Azure Entra Cloud Sync support passthrough?
No, Entra ID Cloud Sync does not. You can use the older Azure Entra ID Connect Passthrough, but Azure Entra Cloud Sync is the preferred method, so reconsider whether passthrough is required.
What is a disconnected forest in AD?
This is a forest that is not connected with other forests.
Can Azure Cloud Sync deal with connected forests? Explain.
No, but Azure Entra ID Connect can.
The user is on the corporate network and logged in on their local device. The corporate AD is synced with Azure Entra ID using a hashed password. Will the user be automatically logged in if they go to the Azure portal?
If seamless single sign-on (SSO) is enabled alongside password hash synchronization, users will not need to enter their passwords when signing into Azure services from domain-joined devices connected to the corporate network. In this scenario, Azure Entra ID recognizes the user from their on-premises credentials and automatically signs them in without requiring a password.
The user is on the corporate network and logged in on their local device. The corporate AD is synced with Azure Entra ID using a password passthrough. Will the user be automatically logged in if they go to the Azure portal?
If seamless single sign-on (SSO) is enabled alongside password hash synchronization, users will not need to enter their passwords when signing into Azure services from domain-joined devices connected to the corporate network. In this scenario, Azure Entra ID recognizes the user from their on-premises credentials and automatically signs them in without requiring a password.
What is a device identity?
Device identity is an object in Microsoft Entra ID, similar to users, groups, or applications. It gives administrators information they can use when making access or configuration decisions.