Implement and Manage External Identities

Question 1

What makes it possible for you to allow people outside your organization to access internal resources?

Answer 1

Azure AD External Identities

Question 2

What does Azure AD External Identities focus on?
A. User’s Relationship to your Organization
B. How User wants to Sign In

Answer 2

B. How the user wants to sign in.

Question 3

By default, who invites external users?

Answer 3

Everyone

Question 4

Levels of ___________

• Turn off invitations
• Only admins and users in the Guest Inviter role can invite
• Admins, the Guest Inviter role, and members can invite
• All users, including guests, can invite

Answer 4

Azure AD B2B Invitation Policies

Question 5

What 3 actions are required for self-service app management or SAML-based apps?

Answer 5

1. Enable self-service group management for your tenant.
2. Create a group to assign to the app and make the user an owner.
3. Configure the app for self-service and assign the group to the app.

Question 6

How can a bulk list of external users be added to Azure AD?

Answer 6

Upload a CSV file

Question 7

PIM

Answer 7

Privileged Identity Management

Question 8

Describe the 4 States of Azure AD B2B accounts.

Answer 8

State 1: Homed in an external instance of Azure AD and represented as a guest user in the inviting organization. In this case, the B2B user signs in by using an Azure AD account that belongs to the invited tenant.

State 2: Homed in a Microsoft or other account and represented as a guest user in the host organization.

State 3: Homed in the host organization’s on-premises Active Directory and synced with the host organization’s Azure AD.

State 4: Homed in the host organization’s Azure AD with UserType = Guest and credentials that the host organization manages.

Question 9

What is the default source of a new Guest User?

Answer 9

Invited User

Question 10

When does the user account source update from Invited User?

Answer 10

When the external user accepts the invitation

Question 11

What user property indicates the user’s relationship to the host tenancy?

Answer 11

UserType

• Member
• Guest

Question 12

What user property indicuates how the user signs in?

Answer 12

Source

• Invited User
• External Azure AD
• Microsoft Account
• Windows Server AD
• Azure AD

Question 13

True or False:

UserType has a dynamic relationship to Source.

Answer 13

False

Question 14

SAML

Answer 14

Security Assertion Markup Language

Question 15

What two protocols facilitate direct federation with another organizations identity provider?

Answer 15

1. SAML 2.0

2. WS-Fed

Question 16

Can you use direct federation with a domain that is DNS-verified in Azure AD?

Answer 16

No

Question 17

Can Google federation be used with G Suite domains?

Answer 17

No

Question 18

If you remove direct federation and the external users access, how do you re-enable their access.

Answer 18

Rebuild the direct federation along with the affected user profiles.

Question 19

How do you connect a Facebook as an identity provider?

Answer 19

Self-service sign up or user flow

Question 20

Users assigned limited administrator directory roles can use the Azure portal to invite B2B collaboration users. You can invite B2B collaboration users to a directory or to a group. What other activities can B2B collaboration users be invited?

Answer 20

An application.

Question 21

Azure AD B2B can be configured to federate with identity providers that use either of two protocols. One protocol is Security Assertion Markup Language (SAML); what is the other protocol?

Answer 21

WS-Federation (WS-Fed)

Question 22

What are dynamic groups?

Answer 22

Dynamic groups are security groups whose memberships are based on user attributes (such as userType, department, or country/region).