Entra ID Flashcards

1
Q

What is Microsoft Entra ID and its primary purpose?

A

Microsoft Entra ID is a centralized identity and access management tool that controls access to on-premises, cloud, and personal devices. It allows IT administrators, developers, and subscribers to manage identities and access across multiple environments.

2
Q

What was Microsoft Entra formerly known as?

A

It was formerly known as Azure Active Directory (AAD).

3
Q

Who are the primary users of Microsoft Entra ID?

A

The primary users of Microsoft Entra ID are IT administrators, developers, and subscribers.

4
Q

What is the Identity Secure Score in Entra ID?

A

The Identity Secure Score is a tool that measures an organization’s identity and access management setup against Microsoft’s best practices, helping organizations improve their security posture.

5
Q

What is the difference between a Tenant and a Directory in Entra ID?

A

A tenant is an instance of Entra ID, while a directory is a container within the tenant that holds key resources and objects. Each tenant has one directory.

6
Q

What are the 3 types of identities in Entra ID?

A

User Identities (employees, partners, etc.)

Workload Identities (applications, VMs, etc.)

Device Identities (mobile devices, desktops, etc.)

7
Q

How do Internal and External User Identities differ?

A

Internal User Identities are for employees and internal members of the organization.

External User Identities are for B2B collaborators, like guests or external members. External users often have more restrictive permissions.

8
Q

What is the difference between System-Assigned and User-Assigned Managed Identities?

A

System-Assigned Managed Identities are tied to a specific Azure resource (like a VM) and are deleted when the resource is shut down.

User-Assigned Managed Identities are independent of any Azure resource and can be shared across multiple resources. They persist even after resources are deleted.

9
Q

What is the purpose of creating groups in Entra ID, and what are the 2 main types of groups?

A

Groups are used to bundle user identities to grant them the same access rights and permissions. The two main types of groups are:

Microsoft 365 Groups: For collaboration, can be created by anyone, and are for user identities only.

Security Groups: Created by an Entra ID admin and used to enforce security policies.

10
Q

What is a Hybrid Identity, and why is it important?

A

A Hybrid Identity provides a single identity for users across both on-premises and cloud services. It is important because most organizations use a mix of on-prem and cloud environments, and Hybrid Identity enables seamless access between the two.

11
Q

What is the difference between Workforce Tenant and External Tenant in Entra ID?

A

A Workforce Tenant is an internal tenant used for the organization’s internal workforce, but it can also allow external users for B2B collaboration.

An External Tenant is a client-facing tenant used to deploy apps and services to external users or customers.

12
Q

What is an External Identity in Entra ID?

A

An External Identity is an identity that allows users from outside the organization to register and collaborate within an Entra ID tenant. This is often used for B2B collaboration.

13
Q

What is a Conditional Access Policy (CAP) in Microsoft Entra ID?

A

A Conditional Access Policy (CAP) is a security feature that adds an extra layer of protection, controlling who can access an organization’s data, services, and environment. CAPs work like “if-else” statements, using identity signals like user, device, and location to determine access.

14
Q

What are the two main components of a Conditional Access Policy?

A

Assignment: Defines “Who, What, When, and Where” the policy is applied, using logical AND to combine multiple conditions.

Access Control: Defines the access action, which can be:
- Block Access
- Grant Access (with or without additional requirements like MFA)
- Session Control (e.g., blocking certain actions or access to sensitive content)

15
Q

How does Microsoft Entra ID’s Conditional Access policy function like an “if-else” statement?

A

Conditional Access Policies evaluate a set of “if” conditions (like user, location, device, etc.). If the conditions are met, then an access control action is applied (block, grant, or session control).

16
Q

What is Microsoft Global Secure Access?

A

Microsoft Global Secure Access is a Zero Trust security approach that provides secure access for network traffic. It includes two main services:

Entra Internet Access: For secure access to SaaS and external applications.

Entra Private Access: For secure access to internal, on-premises resources, replacing traditional VPNs.

17
Q

What is the purpose of the Security Service Edge (SSE) in Microsoft Entra?

A

Security Service Edge (SSE) integrates Entra Internet Access and Entra Private Access to provide a unified security solution for network access, enabling secure access to both external and internal resources.

18
Q

How does Microsoft Entra Internet Access secure access to SaaS solutions?

A

It acts as a Secure Web Gateway (SWG), ensuring that all traffic between users and external SaaS applications is secured and monitored.

19
Q

Why does Microsoft Entra Private Access eliminate the need for VPNs?

A

Entra Private Access removes the need for VPNs by using enterprise application containers. These containers act as brokers for access to protected resources, allowing access to be managed through Conditional Access Policies.

20
Q

What are the two main access features of Microsoft Entra Private Access?

A

Quick Access: Provides fast, seamless access for users.

Global Access: Allows for granular access control by assigning different Conditional Access Policies (CAPs) for specific users or groups.

21
Q

What information is available in the Global Secure Access Dashboard?

A

The Global Secure Access Dashboard displays network traffic data from Entra Internet Access and Entra Private Access, offering insights into user activity, network usage, and access patterns.

22
Q

What is Role-Based Access Control (RBAC) in Microsoft Entra ID?

A

RBAC is a system for managing access to resources based on user roles. It assigns permissions based on a user’s role within the organization, ensuring least privilege access.

23
Q

What are the three built-in roles in Microsoft Entra ID?

A

Global Administrator
Billing Administrator
User Administrator

24
Q

Can custom roles be created in Microsoft Entra ID?

A

Yes, organizations can create custom roles in Microsoft Entra ID to define specific permissions beyond the default roles.

25
Q

What is the purpose of Microsoft Entra Role-Based Access Control (RBAC)?

A

The purpose of RBAC is to ensure users have only the permissions they need to perform their tasks. It reduces the risk of over-permissioning and supports the principle of least privilege.

26
Q

How do Conditional Access Policies (CAPs) enhance security?

A

CAPs enforce security by allowing or blocking access based on signals like user identity, device, location, and more. This dynamic, context-based access control reduces the risk of unauthorized access.

27
Q

What is the role of enterprise application containers in Entra Private Access?

A

Enterprise application containers broker access to private resources. Each container is associated with a protected resource, and Conditional Access Policies are assigned to the container to manage user access.