Describe Azure identity, access, and security

Question 1

Define ‘Microsoft Entra ID’

Answer 1

Cloud-based directory service that enables you to sign in and access both Microsoft cloud applications and cloud applications that use Entra ID as an IDP.

Question 2

What is Microsoft Entra ID also referred to as?

Answer 2

Identity and access management service.

Question 3

How can app developers leverage Microsoft Entra ID?

Answer 3

Adding SSO functionality to an app or enabling an app to work with a user’s existing credentials.

Question 4

What are the four main functions of Microsoft Entra ID?

Answer 4

1. Authentication
2. Single sign-on (SSO)
3. Application management
4. Device management

Question 5

Define ‘Microsoft Entra Connect’

Answer 5

Method of synchronizing user identities and changes to identities between on-premises AD and Entra ID.

Question 6

Define ‘Microsoft Entra Domain Services’

Answer 6

A cloud based DC; Provides managed domain services such as domain join, group policy, LDAP, and Kerberos/NTLM authentication.

Question 7

How can legacy applications leverage Microsoft Entra Domain Services?

Answer 7

Entra Domain Services lets you run legacy applications in the cloud that can’t use modern authentication methods.

Question 8

How is a Microsoft Entra Domain Service established?

Answer 8

By defining a unique namespace (domain name); A replica set (two DCs) of DCs are deployed into your azure region.

Question 9

Who manages the DCs that are apart of Microsoft Entra Domain Services?

Answer 9

The Azure platform manages, configures, updates, backups, and encrypts the replica set.

Question 10

How is information synched in a managed domain?

Answer 10

Configured to perform a one-way synchronization from Microsoft Entra ID to Microsoft Entra Domain Services.

Question 11

How is information synched in a hybrid AD and Entra ID domain?

Answer 11

Microsoft Entra Connect synchronizes identity information with Microsoft Entra ID, which is then synchronized to the managed domain.

Question 12

How are applications, services, and VMs in azure managed?

Answer 12

If they connect to a managed domain, they can used Microsoft Entra Domain Services.

Question 13

Define ‘Microsoft Entra multifactor authentication’

Answer 13

A Microsoft service that provides multifactor authentication capabilities.

Question 14

Define ‘passwordless authentication’

Answer 14

Replaces passwords with something you have, plus something you are, or something you know.

Question 15

How does passwordless authentication function?

Answer 15

Passwordless authentication needs to be set up on a device before it can work; The computer is registered to a user (something you have) and is tied to the users PIN/Fingerprint (something you know/something you are).

Question 16

What 3 forms of passwordless authentication integrate with Entra ID?

Answer 16

1. Windows Hello for Business
2. Microsoft Authenticator app
3. FIDO2 security keys

Question 17

What is the best use case for ‘Windows Hello for Business’

Answer 17

Ideal for information workers that have their own designated Windows PC.

Question 18

How does ‘Windows Hello for Business’ function?

Answer 18

The biometric and PIN credentials are directly tied to the user’s PC, which prevents access from anyone other than the owner.

Question 19

How is Windows Hello for Business convenient for the end user?

Answer 19

Uses PKI and SSO to provide seamless access to on-premises and cloud resources.

Question 20

How can the Microsoft Authenticator app be used for passwordless authentication?

Answer 20

Sends a notification to their phone, matching a number displayed on the screen to the one on their phone, and then using their biometric (touch or face) or PIN to confirm.

Question 21

Define an ‘external identity’

Answer 21

A person, device, service, etc. that is outside your organization.

Question 22

What are the 3 ways external identities are leveraged?

Answer 22

1. B2B collaboration
2. B2B direct connect
3. Microsoft Azure Active Directory business to customer (B2C)

Question 23

How do external identities function in B2B collaboration?

Answer 23

External users are able to sign-in and identity with your cloud applications; B2B collaboration users are typically represented in your directory as guest users.

Question 24

How do external identities function in B2B direct connect?

Answer 24

Establish a mutual, two-way trust with another Microsoft Entra organization for seamless collaboration in Microsoft Teams Channels allowing access to resources.

Question 25

How do external identities function in Microsoft Azure Active Directory business to customer (B2C)?

Answer 25

SaaS apps or custom-developed apps that use Azure AD B2C for identity and access management.

Question 26

Define the purpose of ‘Microsoft Defender for Cloud’

Answer 26

A monitoring tool for security posture management and threat protection.

Question 27

Define the function of ‘Microsoft Defender for Cloud’

Answer 27

Provides the tools needed to harden your resources, track your security posture, protect against cyber attacks, and streamline security management.

Question 28

How is Microsoft Defender for Cloud implemented?

Answer 28

Natively integrated to Azure.

Question 29

How can Microsoft Defender for Cloud be extended to hybrid and multi-cloud environments?

Answer 29

Azure Arc.

Question 30

What native azure services/applications can be protected by Microsoft Defender for Cloud?

Answer 30

Azure PaaS services, Azure data (SQL) services, and Networks/VMs.