Design Identity and Access Management Flashcards

1
Q

Identity

A

We used to treat on-premises as the trusted perimeter, but it is now just another resource. We can now orchestrate solutions with identity at the center:

  • User
  • Application/Service Principal
  • Managed Identities
2
Q

Azure AD Tenant Architecture

A

Azure Active Directory is global; an Azure Active Directory tenant is an instance of the Azure AD service inside the Azure cloud.

When we create an Azure AD tenant we get a default domain name for it, like prefix.onmicrosoft.com

The Azure AD tenant to subscription relationship is one-to-many: an AAD tenant can be assigned to multiple subscriptions, but a subscription can only have one AAD tenant.

3
Q

AZURE AD and Features

A

A global cloud-based identity service for Azure that provides an identity repository

  • IAM Platform
  • Identity Security > MFA and PIM
  • Collaboration and Development > B2B B2C
  • Monitoring > Audit logs, risk management, identity protection and security monitoring
  • Identity Integration > Hybrid Identity
  • Enterprise Access
4
Q

AD vs AAD

A
5
Q

AZURE AD Hybrid Identities

A

Extending identity and access into the cloud

  • Simplify the user login
6
Q

AZURE AD External Identities

A
7
Q

AZURE AD Connect

A
8
Q

AZURE AD Domain Services

A
9
Q

Azure Roles vs AD Roles

A
10
Q

AZURE AD Roles

A

A set of roles specifically for providing access to manage IDENTITY OBJECTS inside our AD TENANT itself, like users, applications and devices in our AD tenant

Global Admin > manage Azure AD resources
Billing Admin > perform billing tasks
User Administrator > manage user and groups
Helpdesk Administrator > Password resets

11
Q

AZURE Groups

A

Groups reduce the effort required to manage access

  • Assigned
    Group admins/owners determine membership
    Manually managed by admins or owners
  • Dynamic
    Membership based on device/user attributes
    Requires an AAD Premium P1 license
    Platform managed, no manual changes required

Permissions > Security groups
O365 > MS O365 groups for collaboration

12
Q

AZURE Access Control

A
13
Q

AZURE Roles

A

Azure Roles are for resources inside our subscription.

  • Owner > Full access to resources and delegates access
  • Reader > Can only view Resources
  • Contributor > Can create and manage resources but cannot manage access to them
  • User Access Administrator > Can delegate access to resources but cannot manage the resources themselves
14
Q

AZURE Administrative Units

A
15
Q

AZURE RBAC

A

RBAC = Who can do what and where

Azure RBAC

Who > Security principals > Users
What > Role assignments > Roles
Where > Effective permissions > Scope

16
Q

AZURE Device Management

A
17
Q

AZURE AD Identity Protection

A

Protecting the identities themselves from being compromised

  • Automate the detection and remediation
  • Risk Analysis related to data and reports
  • Export data and integrate with security tools

Requires Azure AD Premium P2 licensing
Risk events
Risk Policies

18
Q

Sign-In Risk Policy

A
19
Q

User Risk Policy

A