Exam Summary - Azure Identities and Governance Flashcards
What Azure role(s) must you have before you can add or modify Azure identities (Users, Groups, Etc.)?
User Administrator or Global Administrator Role
What are the two cloud identities?
Local Azure AD
External Azure AD
What is a Hybrid Identity?
An on-premises to cloud directory-synchronized identity
What are the Azure Guest Identities?
Azure AD B2B Collaboration External Identities (Google, Facebook, Etc.)
What PowerShell module is needed to connect to Azure AD, and what is the command to install it?
AzureAD
Install-Module -Name AzureAD
What PowerShell command is used to connect to your Azure AD environment once the module has been installed?
Connect-AzureAD
What PowerShell command is used to create a new Azure AD user?
New-AzureADUser
What are your Azure group types?
Basic Group
Dynamic Group
What AD group allows you to bulk add using CSV templates?
Basic Groups
What is a Dynamic AD Group?
Users can be added and removed automatically via rule-based assignments determined by their user properties.
Can users be automatically assigned roles and licenses when added to a dynamic group?
Yes
Which Azure AD group can you NOT manually add users or devices to?
Dynamic Groups
How/where can you manage user and group properties?
Modify user and group properties in the Azure portal
Modify using the PowerShell AzureAD module
Differentiate between a “Cloud Device Administrator” and a “Device Administrator”
Cloud Device Admin:
Can add, enable, disable, and delete devices in Azure AD
Can NOT modify device properties
Device Admin:
Local machine Administrator
Can NOT modify the object in Azure AD
What’s the minimum required licensing needed for Azure guest accounts?
Requires Azure AD Premium P2
Although the invite needs to be reviewed, what roles can invite guest accounts into your Azure environment?
Administrators
Users
What roles are required to review guest account invites?
Global Administrator
User Administrator
Differentiate between “Azure AD Registered” and “Azure AD Joined”
Azure AD Registered:
Personally Owned Device
MS Account or Local Account Sign-In
OS Supported - Win10, iOS, Android, macOS
Azure AD Joined:
Organization Owned Device
Azure AD Sign-In
OS Supported - Win10, Windows Server 2019 VMs in Azure
What licensing is needed to enable users’ Self-Service Password Reset functionality?
Azure AD Free:
Cloud-Only Password Change
Azure AD Premium P1 or P2:
Cloud-Only Password Change
Cloud-Only Password Reset
Hybrid Password Change or reset with on-prem writeback
What are the “security principals” we can assign roles to in Azure?
Users
Groups
Service Principal
Managed Identity
What is the User security principal?
An individual who has a profile in Azure Active Directory. You can also assign roles to users in other tenants.
What is the Group security principal?
A set of users created in Azure Active Directory. When you assign a role to a group, all users within that group have that role.