General

Question 1

What is a resource group in Azure?

Answer 1

A resource group, groups the Azure resources into a logical group.

Question 2

What are resources in Azure?

Answer 2

A resource in Azure is like a VM, vNET, security group, etc

Question 3

I want to increase security for Azure logins, what options do i have?

Answer 3

You can use Azure MFA, MFA enables you to configure your login to ask for a second method when you are preforming a login, this ins in addition to your password and could be like a security question or mobile phone app or SMS message code.

Question 4

Is MFA a separate service or part of Azure AD?

Answer 4

Separate service in Azure

Question 5

I need to control the level of security requirements applied when a user login in from different location and the type of device they are using, how can i do this?

Answer 5

Use the Azure AD conditional access

Question 6

I need to provide an extra level of authentication when my user logs in to Azure AD, how can I do this?

Answer 6

Use the Azure NFA service to provide an extra level of AUTH like a SMS code sent to your phone.

Question 7

I would like to have the ability to take action and stop any user logging into Azure AD when there password is breached or available on the dark web.

Answer 7

Use Azure AD Identity Protection

Question 8

What is Enable Security defaults?

Answer 8

When you create a new tenant/AAD you get default security controls applied, in AAD console you can optionally turn this off.

Question 9

Can you describe the relation ship of the logical structures, like, tenant, subscription, resource groups?

Answer 9

At the top level is Azure Tenant, the tenant is a an AD tenants provisioned on the Azure Active Directory service and is a domain. This tenant can have one or more subscriptions attached to it, a subscription is a logical block containing the resources groups and the resources, it is also a billing and policy boundary. At the subscription level you also have the ability to set usage and quotas.

Question 10

Dose all Azure resources support tagging?

Answer 10

No

Question 11

Where or when would we use tagging?

Answer 11

• Cost managing
• Automation
• Governance

Question 12

What as Azure management groups?

Answer 12

Azure management groups enables a grouping of subscription so you can apply governance, policies, and enforce RBAC. So we can manage our subscriptions.

Question 13

Describe the logical separation of structures in Azure?

Answer 13

• Tenant (This is an AAD tenant)
• Subscriptions
• Resource groups

Question 14

Is billing applied at the Tenant level?

Answer 14

No, billing is applied at the subscription level

Question 15

How many levels can you have in a Azure Management Group?

Answer 15

Six

Question 16

I have a Azure Management Group, how do I apply a policy to the management group?

Answer 16

• Navigate to Azure Management Group service
• Add you management group
• Add subscriptions to management group
• Navigate to the policy
• Make policy additions and changes

Question 17

I have a Azure Management Group, how do I apply a RBAC to the management group?

Answer 17

• Navigate to Azure Management Group service
• Add you management group
• Add subscriptions to management group
• Navigate to the RBAC
• Make RBAC additions and changes

Question 18

What is RBAC?

Answer 18

It enables you control what AAD principles can access resources or carry out functions in Azure.

Question 19

What are the key components in RBAC?

Answer 19

• Principal (Users, Groups, Apps)

- Roles (owner, contributor, reader, backup operator)

Question 20

What are the two types of roles you can have?

Answer 20

• Managed (Azure managed roles)

- Users (Roles you create and manage)

Question 21

What is a scope?

Answer 21

A scope refers to the level you are applying something to, this can be, management groups, subscriptions, resource groups, resource.

Question 22

What is an Assignment?

Answer 22

This is where you take the principal, role and scope to apply RBAC

Question 23

What are the key components in a custom role?

Answer 23

[
{
“assignableScopes”: [
“/subscriptions/{subscriptionId1}”,
“/subscriptions/{subscriptionId2}”,
“/providers/Microsoft.Management/managementGroups/{groupId1}”
],
“description”: “Can monitor and restart virtual machines.”,
“id”: “/subscriptions/{subscriptionId1}/providers/Microsoft.Authorization/roleDefinitions/88888888-8888-8888-8888-888888888888”,
“name”: “88888888-8888-8888-8888-888888888888”,
“permissions”: [
{
“actions”: [
“Microsoft.Storage//read”,
“Microsoft.Network//read”,
“Microsoft.Compute//read”,
“Microsoft.Compute/virtualMachines/start/action”,
“Microsoft.Compute/virtualMachines/restart/action”,
“Microsoft.Authorization//read”,
“Microsoft.ResourceHealth/availabilityStatuses/read”,
“Microsoft.Resources/subscriptions/resourceGroups/read”,
“Microsoft.Insights/alertRules/”,
“Microsoft.Insights/diagnosticSettings/”,
“Microsoft.Support/*”
],
“dataActions”: [],
“notActions”: [],
“notDataActions”: []
}
],
“roleName”: “Virtual Machine Operator”,
“roleType”: “CustomRole”,
“type”: “Microsoft.Authorization/roleDefinitions”
}
]

Question 24

What is Azure policy used for?

Answer 24

Enables the enforcement of business rules and convention.

Question 25

I want to enforce tagging in Azure, how can i do this across subscriptions?

Answer 25

You can crate a Azure management group and then create/edit policy in the Manage group and add you subscriptions to the group.

Question 26

For Azure policies, what scopes do i have?

Answer 26

Management group, subscription, resource group, resource