Describe the function and identity types of Microsoft Entra ID

Question 1

what was Microsoft Entra ID formerly known as?

Answer 1

Azure Active Directory

Question 2

Microsoft Entra ID

Answer 2

cloud based identity and access management service

Question 3

why do organizations use Microsoft Entra ID?

Answer 3

to enable their employees, guests, and others to sign in and access the resources they need

Question 4

Individuals who use Microsoft Entra ID can access what resources?

Answer 4

Internal - apps on your corporate network and intranet, and cloud apps developed by your own organization.
External - Microsoft Office 365, the Azure portal, and any SaaS applications used by your organization

Question 5

t or f

Microsoft Entra ID can be synchronized with your existing on-premises Active Directory, synchronized with other directory services, or used as a standalone service

Answer 5

true

Question 6

can you use personal devices with Microsoft Entra ID?

Answer 6

yes, it allows organizations to securely enable the use of personal devices

Question 7

Identity Secure Score

Answer 7

a percentage that functions as an indicator for how aligned you are with Microsoft’s best practice recommendations for security

Question 8

t or f

Each improvement action in identity secure score is tailored to your specific configuration.

Answer 8

true

Question 9

t or f

Identity secure score, which is available in all editions of Microsoft Entra ID

Answer 9

true

Question 10

Helps you to objectively measure your identity security posture, plan identity security improvements, and review the success of your improvements

Answer 10

Identity secure score

Question 11

Tenant

Answer 11

information about a single organization resides including organizational objects such as users, groups, devices, and application registrations

contains access and compliance policies for resources, such as applications registered in the directory.

Each Microsoft Entra tenant has a unique ID (tenant ID) and a domain name (for example, contoso.onmicrosoft.com) and serves as a security and administrative boundary, allowing the organization to manage and control access to resources, applications, devices, and services

Question 12

Directory

Answer 12

logical container within a Microsoft Entra tenant that holds and organizes the various resources and objects related to identity and access management including users, groups, applications, devices, and other directory objects

the directory is like a database or catalog of identities and resources associated with an organization’s tenant

Question 13

Multi-tenant

Answer 13

more than one instance of Microsoft Entra ID

Question 14

Why do IT admins Microsoft Entra ID?

Answer 14

IT admins to control access to corporate apps and resources, based on business requirements

Question 15

Why do developers use Microsoft Entra ID?

Answer 15

as a standards-based approach for adding single sign-on (SSO) to their apps, so that users can sign in with their pre-existing credentials.

Microsoft Entra ID also provides application programming interfaces (APIs) that allow developers to build personalized app experiences using existing organizational data.

Question 16

Who uses Microsoft Entra ID?

Answer 16

IT admins
developers
Subscribers

Question 17

t or f

Subscribers to Azure services, Microsoft 365, or Dynamics 365 automatically have access to Microsoft Entra ID

Answer 17

true

Question 18

How many directories does a Microsoft Entra tenant consist of?

Answer 18

One

Question 19

Why would an organization have multiple tenants?

Answer 19

an organization has multiple subsidiaries or business units that operate independently, organizations that merge or acquire companies, multiple geographical boundaries with various residency regulations, and more.

Question 20

Types of identities in Microsoft Entra ID

Answer 20

user identities
workload identities
device identities
external identities
hybrid identities

Question 21

What are the three categories of which you can assign an identity to in Microsoft Entra ID?

Answer 21

humans
devices
software-based object- applications, VMs, services, containers

Question 22

User identities

Answer 22

represent people - employees and external users ( customers, consultants, vendors, partners)

Question 23

In Microsoft Entra ID, user identities are characterized by

Answer 23

how they authenticate and the user type property

Question 24

Workload Identities

Answer 24

Containers
VM
Application
Services

Question 25

Device Identities

Answer 25

mobile device
IoT/OT device
Desktop computers

Question 26

t or f

How the user authenticates is asked relative to the host organization’s Microsoft Entra tenant and can be internal or external

Answer 26

true

Question 27

Internal authentication

Answer 27

user has an account on the host organization’s Microsoft Entra ID and uses that account to authenticate to Microsoft Entra ID

Question 28

External authentication

Answer 28

user authenticates using an external Microsoft Entra account that belongs to another organization, a social network identity, or other external identity provider

Question 29

by default, what types of privileges do guest have

Answer 29

limited

Question 30

external guest

Answer 30

uses an external Microsoft Entra ID account, social identity, or other external identity provider to sign in

most external users fall into this catagory

Question 31

external member

Answer 31

uses an external account to authenticate but has member level access in your organization

common scenario in multi tenant organizations

Question 32

internal guest

Answer 32

has an account in your Microsoft Entra ID directory but only guest level access in your organization

often a legacy user created before the availability of Microsoft Entra B2B

Question 33

Internal member

Answer 33

has an account in your Microsoft Entra ID directory and member level access in your organization

generally considered employees of your organization

Question 34

t or f

External guests and external members are business-to-business (B2B) collaboration

Answer 34

true

Question 35

external guest users

Answer 35

consultants
vendors
partners

Question 36

workload identity

Answer 36

an identity you assign to a software workload

Question 37

t or f

In Microsoft Entra, workload identities are applications, service principals, and managed identities.

Answer 37

true

Question 38

t or f

A service principal is essentially, an identity for an application

Answer 38

true

Question 39

how does an application delegate its identity and access functions to Microsoft Entra ID?

Answer 39

the app must be registered with Microsoft Entra ID to enable it integration

Question 40

what happens once an application is registered?

Answer 40

a service principal is created in each Microsoft Entra tenant where the application is used

Question 41

what core functions does the service principal enable ?

Answer 41

authentication and authorization of the application to resources the are secured by the Microsoft Entra tenant

Question 42

Managed identities

Answer 42

type of service principle that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials

Question 43

t or f

Managed identities provide an identity for applications to use when connecting to Azure resources that support Microsoft Entra authentication and can be used without any extra cost.

Answer 43

true

Question 44

Two types of managed identities

Answer 44

system assigned
user assigned

Question 45

System assigned managed identity

Answer 45

Azure resources. the identity is tied to the life cycle of the resource

Question 46

User assigned managed identity

Answer 46

can be created as a standalone Azure resource.

can be assigned to on or more instance of an Azure service

can be assigned to multiple VMs

Question 47

Microsoft Entra registered devices

Answer 47

BYOD

user can access your organizations resources using a personal device

Question 48

t or f

Microsoft Entra registered devices register to Microsoft Entra ID without requiring an organizational account to sign in to the device

Answer 48

true

Question 49

Microsoft Entra joined

Answer 49

is a device joined to Microsoft Entra ID through an organizational account

Question 50

Microsoft Entra hybrid joined devices

Answer 50

devices are joined to your on-premises Active Directory and Microsoft Entra ID requiring organizational account to sign in to the device

Question 51

t or f

Registering and joining devices to Microsoft Entra ID does not gives users Single Sign-on (SSO) to cloud-based resources

Answer 51

false

it does

Question 52

what can IT admins use to focus on mobile device management? (MDM)

Answer 52

Microsoft Intune

Question 53

t or f

In Microsoft Entra ID, if you have several identities with the same access needs, you can create a group

Answer 53

true

You use groups to give access permissions to all members of the group, instead of having to assign access rights individually

Question 54

t or f

Limiting access to Microsoft Entra resources to only those identities who need access is one of the core security principles of Zero Trust

Answer 54

true

Question 55

two types of groups

Answer 55

Security
Microsoft 365

Question 56

security group

Answer 56

the most common type of group and it’s used to manage user and device access to shared resources

Question 57

how can you create a security group?

Answer 57

requires Microsoft Entra administrator role

Question 58

t or f

security groups can be used for a specific security policy

Answer 58

true

For example, you may create a security group for a specific security policy such as Self-service password reset or for use with a conditional access policy to require MFA. Members of a security group can include users (including external users), devices, other groups, and service principals

Question 59

Microst 365 group

Answer 59

often referred to as a distribution group, is used for grouping users according to collaboration needs.

Question 60

t or f

Members of a Microsoft 365 group can only include users, including users outside of your organization.

Answer 60

true

Question 61

do you need an administrator role to create Microsoft 365 groups?

Answer 61

no

Question 62

how is hybrid identity accomplished?

Answer 62

through provisioning and synchronization

Question 63

inter directory provisioning

Answer 63

is provisioning an identity between two different directory services systems. For a hybrid environment, the most common scenario for inter-directory provisioning is when a user already in Active Directory is provisioned into Microsoft Entra ID.

Question 64

synchronization

Answer 64

responsible for making sure identity information for your on-premises users and groups is matching the cloud.

Question 65

cloud sync

Answer 65

designed to meet and accomplish your hybrid identity goals for the provisioning and synchronization of users, groups, and contacts to Microsoft Entra ID.

Question 66

how does cloud sync work?

Answer 66

cloud providing agent

The agent provides a lightweight inter-directory provisioning experience that acts as a bridge between Microsoft Entra ID and Active Directory

Question 67

what provisioning agent does Microsoft Entra Cloud Sync use?

Answer 67

system for Cross-domain Identity Management (SCIM) specification with Microsoft Entra ID to provision and deprovision users and groups

Question 68

SCIM

Answer 68

specification is a standard that is used to automate the exchanging of user or group identity information between identity domains such as Microsoft Entra ID and is becoming the de facto standard for provisioning.

Question 69

External identities

Answer 69

B2B collaboration
B2B direct connect
Microsoft Entra External ID for customers (preview)
Microsoft Entra multi tenant organization

Question 70

B2B collaboration

Answer 70

enables employees of an organization to collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise application

Question 71

B2B direct connect

Answer 71

create two-way trust relationships with other Microsoft Entra organizations to allow users to seamlessly sign in to your shared resources and vice versa

aren’t added as guest but are visible and can be monitored in Teams admin center reports

Question 72

Microsoft Entra External ID for customers (Preview)

Answer 72

new customer identity and access management (CIAM) solution

solution is intended for businesses that want to make applications available to their customers using the Microsoft Entra platform for identity and access

Question 73

capabilities included in Microsoft Entra External ID for customers (Preview)

Answer 73

SSO
Sign up and sign in pages to your apps
Add your company branding to the sign up page
provide self service account management

Question 74

Multi tenant organizations

Answer 74

has more than one instance of Microsoft Entra ID

use a one-way synchronization service called cross-tenant synchronization

Question 75

cross tenant synchronization

Answer 75

ensures that users can access resources, without receiving an invitation email and having to accept a consent prompt in each tenant

Question 76

A project manager is setting up a new project that includes members from different departments. The project manager wants to ensure that project team members can collaborate and have shared access to a mailbox, calendar, files, and the project’s SharePoint site. Which Microsoft Entra feature can the project manager use to accommodate this requirement, without having to involve an administrator?

Answer 76

Microsoft 365 group

Question 77

An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Microsoft Entra ID. Select the option that best describes how these devices are set up in Microsoft Entra ID

Answer 77

These devices are set up as Microsoft Entra joined.

Question 78

A developer wants an application to connect to Azure resources that support Microsoft Entra authentication, without having to manage any credentials and without incurring any extra cost. Which option best describes the identity type of the application?

Answer 78

Managed identity