DECK 1 Flashcards
Simplest Cloud Authentication?
What requires Password Hash Sync?
Entra Domain Services lets users sign in with corporate credentials
Password Hash Sync (sign in to cloud apps and on prem same time)
Entra Domain Services managed domain
What two roles required to host Entra Domain?
This authentication immediately enforces on prem user password policies
Federated auth uses a separate trusted system, such as on prem Active Directory Fed Services
-Application and Groups Admins
-Pass through auth
Entra ID can handle sign in without relying on on-prem
Pass through needs light weight agents installed on premises
Display name and user name are required when adding several users at once with a…
Bulk creation forms are found in 365 admin center> users > all users > bulk operations. Also in Entra too
-csv file
Global admins can do EVERYTHING
Least permissive roles for resetting passwords would be roles like password admin or…
Admins who make purchases and make support tickets and manage subscriptions
-helpdesk admin
-billing admins
Exchange admins view/manage inboxes
Only role that adds/manages domains and unblocks global admins
Global readers see what global admins can but can’t make changes
-global admins
Group admins manage settings across different admin centers for their groups
Helpdesk admins can monitor and manage service request/health. Can only help non-admin users
Helpdesk admins can also help other helpdesk and readers (except global)
….admins assign/remove licenses to users and groups
Role that reads privacy and security messages. Can see data privacy messages, like a Global admin
password admins reset passwords for who?
license
-message center privacy reader
-non admins and other password admins
Reports readers view usage/activity reports in 365, access Power BI adoption content pack, and access sign in reports in Entra ID
-Role that creates and manage search results
Role that can be added to user or admins to open/manage service requests, share message center post, an monitor service health
User admins can reset passwords for other user admins and non users
-Search admin
-Service Support
SETTING UP DNS MANUALLY
-Connect page > More options > Add your own DNS records. Can add what two files?
when adding domains, first custom domain is the default
-Zone or csv file
SERVICE TAB SETTINGS
-Adoption Score (manage privacy levels and exclude/include users)
-Azure Speech (disabled by default)
Bookings (choose whether available, can share externally or restrict data collection)
SERVICE TAB SETTINGS (Found in Org settings > Services
-Briefing email from VIVA (enabled by default; users can unsubscribe)
-Directory sync (link for AD Connect sync tool)
-Teams settings (enable or disable teams org wide, allow/disallow guest access)
SERVICE TAB SETTINGS
-……..(allow PII to be shared internally and whether to make data available to 365
-SHAREPOINT (enable/disable….
-REPORTS
-external sharing
SECURITY/PRIVACY TAB IN ORG SETTINGS
-can configure idle timeout and….
-Can also create privacy profile
-also has link to SSPR in Azure
-password expiry policy