Describe access management capabilities of Microsoft Entra ID

Question 1

Conditional access

Answer 1

analyses signals including user, location, device, application, and risk to automate decisions for authorizing access to resources (apps and data).

Question 2

t or f

Conditional Access policies at their simplest are if-then statements

Answer 2

true

ex. Conditional Access policy might state that if a user belongs to a certain group, then they’re required to provide multifactor authentication to sign in to an application.

Question 3

A conditional access policy in Microsoft Entra ID consists of two components

Answer 3

assignments
access controls

Question 4

t or f

When creating a conditional access policy, admins can determine which signals to use through assignments

Answer 4

true

Question 5

Assignment portion of the policy controls:

Answer 5

who
what
where
when

Question 6

users and groups

Answer 6

assign who the policy will include or exclude

Question 7

cloud apps or actions

Answer 7

include or exclude cloud applications, user actions, authentication contexts

Question 8

conditions

Answer 8

define where and when the policy will apply.
sign in risk
user risk
device platform
IP location info
client apps
filters for devices

Question 9

access control

Answer 9

decision to block access, grant access, grant access with extra verification, or apply a session control

Question 10

grant access

Answer 10

Administrators can grant access without any additional control, or they can choose to enforce one or more controls when granting access.

Question 11

session

Answer 11

administrator can make use of session controls to enable limited experiences within specific cloud applications

Question 12

RBAC - role based access control

Answer 12

managing access using roles

Question 13

Does Microsoft Entra have built in and custom roles?

Answer 13

yes. these are consider a form of RBAC

Question 14

Built in roles

Answer 14

global administrator
user administrator
billing administrator

Question 15

Global administrator

Answer 15

users with this role have access to all administrative features in Microsoft Entra.

The person who signs up for the Microsoft Entra tenant automatically becomes a global administrator.

Question 16

User administrator

Answer 16

users with this role can create and manage all aspects of users and groups.

This role also includes the ability to manage support tickets and monitor service health.

Question 17

billing administrator

Answer 17

users with this role make purchases, manage subscriptions and support tickets, and monitor service health.

Question 18

Custom roles

Answer 18

a collection of permissions that you choose from a preset list

Question 19

t or f

Granting permission using custom Microsoft Entra roles is a two-step process

Answer 19

true

Question 20

what is the first step for granting permission using custom Microsoft Entra roles

Answer 20

eating a custom role definition, consisting of a collection of permissions that you add from a preset list

Question 21

what is the second step for granting permission using custom Microsoft Entra roles

Answer 21

assign that role to users or groups by creating a role assignment

Question 22

t or f

Microsoft Entra ID is an available service if you subscribe to any Microsoft Online business offer, such as Microsoft 365 and Azure.

Answer 22

true

Question 23

Microsoft Entra built in roles can be used in

Answer 23

Microsoft Entra specific roles
Service specific roles
Cross service roles

Question 24

Microsoft Entra RBAC

Answer 24

control access to Microsoft Entra resources such as users, groups, and applications.

Question 25

Azure RBAC

Answer 25

control access to Azure resources such as virtual machines or storage using Azure Resource Management.

Question 26

An organization plans to implement Conditional Access. What do admins need to do?

Answer 26

Create policies that enforce organizational rules.

Question 27

Sign-in risk is a signal used by Conditional Access policies to decide whether to grant or deny access. What is sign-in risk?

Answer 27

The probability that the authentication request isn’t authorized by the identity owner.

Question 28

IT admins have been asked to review Microsoft Entra roles assigned to users, to improve organizational security. Which of the following should they implement?

Answer 28

Replace global admin roles with specific Microsoft Entra roles