Describe the function and identity types of Microsoft Entra ID Flashcards
what was Microsoft Entra ID formerly known as?
Azure Active Directory
Microsoft Entra ID
cloud based identity and access management service
why do organizations use Microsoft Entra ID?
to enable their employees, guests, and others to sign in and access the resources they need
Individuals who use Microsoft Entra ID can access what resources?
Internal - apps on your corporate network and intranet, and cloud apps developed by your own organization.
External - Microsoft Office 365, the Azure portal, and any SaaS applications used by your organization
t or f
Microsoft Entra ID can be synchronized with your existing on-premises Active Directory, synchronized with other directory services, or used as a standalone service
true
can you use personal devices with Microsoft Entra ID?
yes, it allows organizations to securely enable the use of personal devices
Identity Secure Score
a percentage that functions as an indicator for how aligned you are with Microsoft’s best practice recommendations for security
t or f
Each improvement action in identity secure score is tailored to your specific configuration.
true
t or f
Identity secure score, which is available in all editions of Microsoft Entra ID
true
Helps you to objectively measure your identity security posture, plan identity security improvements, and review the success of your improvements
Identity secure score
Tenant
where information about a single organization resides, including organizational objects such as users, groups, devices, and application registrations
contains access and compliance policies for resources, such as applications registered in the directory.
Each Microsoft Entra tenant has a unique ID (tenant ID) and a domain name (for example, contoso.onmicrosoft.com) and serves as a security and administrative boundary, allowing the organization to manage and control access to resources, applications, devices, and services
Directory
logical container within a Microsoft Entra tenant that holds and organizes the various resources and objects related to identity and access management including users, groups, applications, devices, and other directory objects
the directory is like a database or catalog of identities and resources associated with an organization’s tenant
Multi-tenant
more than one instance of Microsoft Entra ID
Why do IT admins use Microsoft Entra ID?
to control access to corporate apps and resources, based on business requirements
Why do developers use Microsoft Entra ID?
as a standards-based approach for adding single sign-on (SSO) to their apps, so that users can sign in with their pre-existing credentials.
Microsoft Entra ID also provides application programming interfaces (APIs) that allow developers to build personalized app experiences using existing organizational data.
Who uses Microsoft Entra ID?
IT admins
developers
Subscribers
t or f
Subscribers to Azure services, Microsoft 365, or Dynamics 365 automatically have access to Microsoft Entra ID
true
How many directories does a Microsoft Entra tenant consist of?
One
Why would an organization have multiple tenants?
an organization has multiple subsidiaries or business units that operate independently, organizations that merge or acquire companies, multiple geographical boundaries with various residency regulations, and more.
Types of identities in Microsoft Entra ID
user identities
workload identities
device identities
external identities
hybrid identities
What are the three categories to which you can assign an identity in Microsoft Entra ID?
humans
devices
software-based objects - applications, VMs, services, containers
User identities
represent people - employees and external users (customers, consultants, vendors, partners)
In Microsoft Entra ID, user identities are characterized by
how they authenticate and the user type property
Workload Identities
Containers
VM
Application
Services
Device Identities
mobile device
IoT/OT device
Desktop computers
t or f
How the user authenticates is asked relative to the host organization’s Microsoft Entra tenant and can be internal or external
true
Internal authentication
user has an account on the host organization’s Microsoft Entra ID and uses that account to authenticate to Microsoft Entra ID
External authentication
user authenticates using an external Microsoft Entra account that belongs to another organization, a social network identity, or other external identity provider
by default, what types of privileges do guests have?
limited
external guest
uses an external Microsoft Entra ID account, social identity, or other external identity provider to sign in
most external users fall into this category
external member
uses an external account to authenticate but has member level access in your organization
common scenario in multi-tenant organizations
internal guest
has an account in your Microsoft Entra ID directory but only guest level access in your organization
often a legacy user created before the availability of Microsoft Entra B2B
Internal member
has an account in your Microsoft Entra ID directory and member level access in your organization
generally considered employees of your organization
t or f
External guests and external members are business-to-business (B2B) collaboration
true
external guest users
consultants
vendors
partners
workload identity
an identity you assign to a software workload
t or f
In Microsoft Entra, workload identities are applications, service principals, and managed identities.
true
t or f
A service principal is, essentially, an identity for an application
true
how does an application delegate its identity and access functions to Microsoft Entra ID?
the app must be registered with Microsoft Entra ID to enable its integration
what happens once an application is registered?
a service principal is created in each Microsoft Entra tenant where the application is used
what core functions does the service principal enable?
authentication and authorization of the application to resources that are secured by the Microsoft Entra tenant
Managed identities
type of service principal that is automatically managed in Microsoft Entra ID and eliminates the need for developers to manage credentials
t or f
Managed identities provide an identity for applications to use when connecting to Azure resources that support Microsoft Entra authentication and can be used without any extra cost.
true
Two types of managed identities
system assigned
user assigned
System assigned managed identity
created for an Azure resource; the identity is tied to the life cycle of that resource
User assigned managed identity
can be created as a standalone Azure resource.
can be assigned to one or more instances of an Azure service
can be assigned to multiple VMs
Microsoft Entra registered devices
BYOD
user can access your organization's resources using a personal device
t or f
Microsoft Entra registered devices register to Microsoft Entra ID without requiring an organizational account to sign in to the device
true
Microsoft Entra joined
is a device joined to Microsoft Entra ID through an organizational account
Microsoft Entra hybrid joined devices
devices are joined to your on-premises Active Directory and Microsoft Entra ID, requiring an organizational account to sign in to the device
t or f
Registering and joining devices to Microsoft Entra ID does not give users Single Sign-on (SSO) to cloud-based resources
false
it does
what can IT admins use to focus on mobile device management (MDM)?
Microsoft Intune
t or f
In Microsoft Entra ID, if you have several identities with the same access needs, you can create a group
true
You use groups to give access permissions to all members of the group, instead of having to assign access rights individually
t or f
Limiting access to Microsoft Entra resources to only those identities who need access is one of the core security principles of Zero Trust
true
two types of groups
Security
Microsoft 365
security group
the most common type of group and it’s used to manage user and device access to shared resources
how can you create a security group?
requires Microsoft Entra administrator role
t or f
security groups can be used for a specific security policy
true
For example, you may create a security group for a specific security policy such as Self-service password reset or for use with a conditional access policy to require MFA. Members of a security group can include users (including external users), devices, other groups, and service principals
Microsoft 365 group
often referred to as a distribution group, is used for grouping users according to collaboration needs.
t or f
Members of a Microsoft 365 group can only include users, including users outside of your organization.
true
do you need an administrator role to create Microsoft 365 groups?
no
how is hybrid identity accomplished?
through provisioning and synchronization
inter directory provisioning
is provisioning an identity between two different directory services systems. For a hybrid environment, the most common scenario for inter-directory provisioning is when a user already in Active Directory is provisioned into Microsoft Entra ID.
synchronization
responsible for making sure identity information for your on-premises users and groups matches the cloud.
cloud sync
designed to meet and accomplish your hybrid identity goals for the provisioning and synchronization of users, groups, and contacts to Microsoft Entra ID.
how does cloud sync work?
cloud provisioning agent
The agent provides a lightweight inter-directory provisioning experience that acts as a bridge between Microsoft Entra ID and Active Directory
what specification does the Microsoft Entra Cloud Sync provisioning agent use?
System for Cross-domain Identity Management (SCIM) specification with Microsoft Entra ID to provision and deprovision users and groups
SCIM
a specification that is used to automate the exchange of user or group identity information between identity domains such as Microsoft Entra ID; it is becoming the de facto standard for provisioning.
External identities
B2B collaboration
B2B direct connect
Microsoft Entra External ID for customers (preview)
Microsoft Entra multi-tenant organization
B2B collaboration
enables employees of an organization to collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications
B2B direct connect
create two-way trust relationships with other Microsoft Entra organizations to allow users to seamlessly sign in to your shared resources and vice versa
users aren’t added as guests but are visible and can be monitored in Teams admin center reports
Microsoft Entra External ID for customers (Preview)
new customer identity and access management (CIAM) solution
solution is intended for businesses that want to make applications available to their customers using the Microsoft Entra platform for identity and access
capabilities included in Microsoft Entra External ID for customers (Preview)
SSO
Sign up and sign in pages to your apps
Add your company branding to the sign up page
provide self service account management
Multi-tenant organizations
has more than one instance of Microsoft Entra ID
use a one-way synchronization service called cross-tenant synchronization
cross tenant synchronization
ensures that users can access resources, without receiving an invitation email and having to accept a consent prompt in each tenant
A project manager is setting up a new project that includes members from different departments. The project manager wants to ensure that project team members can collaborate and have shared access to a mailbox, calendar, files, and the project’s SharePoint site. Which Microsoft Entra feature can the project manager use to accommodate this requirement, without having to involve an administrator?
Microsoft 365 group
An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Microsoft Entra ID. Select the option that best describes how these devices are set up in Microsoft Entra ID
These devices are set up as Microsoft Entra joined.
A developer wants an application to connect to Azure resources that support Microsoft Entra authentication, without having to manage any credentials and without incurring any extra cost. Which option best describes the identity type of the application?
Managed identity