Describe Azure architecture and services: Describe Azure identity, access, and security Flashcards
What is Microsoft Entra ID?
A cloud-based identity and access management service that allows users to sign in and access Microsoft cloud applications, custom applications, and on-premises resources integrated with the cloud.
Who uses Microsoft Entra ID?
IT administrators to control access to apps and resources.
Developers for integrating single sign-on (SSO) and identity features.
End users for password resets and managing their credentials.
What is Microsoft Entra Connect?
A tool to synchronize on-premises Active Directory with Microsoft Entra ID, enabling a unified identity experience.
What authentication methods does Azure support?
Standard passwords, single sign-on (SSO), multifactor authentication (MFA), and passwordless authentication.
What is single sign-on (SSO)?
A method allowing users to sign in once and access multiple resources without needing to reauthenticate.
What is multifactor authentication (MFA)?
A security measure requiring two or more factors (something you know, have, or are) to verify identity.
What is passwordless authentication?
An authentication method that replaces passwords with alternatives like biometrics (e.g., fingerprints), PINs, or security keys.
What is Azure RBAC?
A system for managing access to Azure resources by assigning roles to users, groups, or applications at a specific scope.
What is the principle of least privilege in RBAC?
Users should only have the minimum access required to perform their tasks.
What scopes can roles be assigned to in RBAC?
Management groups.
Subscriptions.
Resource groups.
Individual resources.
What is Conditional Access in Microsoft Entra ID?
A tool that allows or denies access based on identity signals like location, device, or user role.
Give an example of a Conditional Access policy.
Requiring multifactor authentication for access when users sign in from an unknown location.
What is the Zero Trust model?
A security model that assumes a breach is possible and verifies every request regardless of the source.
What are the three guiding principles of Zero Trust?
Verify explicitly.
Use least privilege access.
Assume breach.
What is defense-in-depth?
A layered security strategy designed to protect data by slowing the advance of potential attacks.
What are the layers of defense-in-depth?
Physical security.
Identity and access management.
Perimeter security.
Network security.
Compute security.
Application security.
Data security.
What is Microsoft Defender for Cloud?
A monitoring tool for security posture management and threat protection across cloud, on-premises, and hybrid environments.
What are the three core functions of Defender for Cloud?
Continuously assess security posture.
Secure workloads and services.
Defend against threats with alerts and threat protection.
How does Defender for Cloud integrate with Azure environments?
It provides built-in security monitoring and protection for Azure resources, including VMs, containers, and SQL databases.
What are external identities in Azure?
Users, devices, or services outside your organization that can securely interact with your resources using Microsoft Entra External ID.
What is Azure AD B2C?
A service enabling organizations to provide identity management for consumer-facing apps.
What is Microsoft Entra Domain Services?
A managed domain service providing domain join, LDAP, group policies, and authentication without managing domain controllers.
How does Microsoft Entra Domain Services synchronize information?
It performs one-way synchronization from Microsoft Entra ID to the managed domain.