Identity Management Flashcards
What is the name of the service providing managed domain services in Azure?
Azure Active Directory Domain Services
- provides a managed domain controller
- features: Domain Join, Group Policy, LDAP, Kerberos, NTLM
What are the two options for providing AD domain services in Azure?
- Install a domain controller on a VM (Active Directory Domain Services)
- Azure Active Directory Domain Services - managed domain controller
What are the main Azure AD features?
- Enterprise Identity Solution
- Single Sign-On for apps and infrastructure services
- Multifactor Authentication
- Self Service - password resets, access requests
What is the limit on the number of objects, and in which version of AAD does it apply?
Only the FREE version has a limit of 500,000 objects.
What AAD license do you need for Identity Protection, PIM, Access Reviews, and 3rd party MFA?
Premium 2
What are the components of AD Connect?
- Synchronization Services
- Active Directory Federation Services (optional)
- Health Monitoring
AD Connect sync features
- Filtering - what objects are synced (e.g. which domains)
- Password hash synchronization - lets you keep your on-premises AD password policy
- Password writeback - users can change passwords in the cloud
- Device writeback - from AAD to AD for conditional access
- Prevent accidental deletes
- Automatic upgrade of AD Connect
What are the password sync options?
- Password Sync - passwords are kept in both AD DS and AAD
- Passthrough Authentication - AD DS is the source
- AD Federation Services - full federation across AD DS and Azure AD, along with other services or SaaS apps e.g. ServiceNow
What is the hybrid authentication option required by Identity Protection?
Password Hash Sync
What does Authentication Federation mean?
It means that authentication is handed over to a separate authentication system, which allows the use of smart cards. You can customize sign-in pages.
Which hybrid authentication option requires the least effort?
Password Hash Sync
What needs to be added to on-prem for passthrough authentication to work?
Authentication Agents need to be installed on existing servers; 3 are recommended
- hash sync can be used as backup
What does Identity Protection provide?
Leaked credential reports
In IAM Add role assignment, what are the 3 options for “Assign access to”?
- Azure AD user, group, or application
- User assigned managed identity
- System assigned managed identity
What are the two new roles that come with PIM?
Security Administrator and Privileged Role Administrator