Implement and Manage Hybrid Identity Flashcards
What does each of these initialisms stand for?
- AADC
- PHS
- PTA
- SSO
- ADFS
- ADDCH
- Azure Active Directory Connect
- Password Hash Synchronization
- Pass-through Authentication
- Single Sign-on
- Active Directory Federated Services
- Azure Active Directory Connect Health
Within AADC, define synchronization.
Creates users, groups, other objects, and password hashes, ensuring that on-premises matches the cloud.
Within AADC, define password hash synchronization.
Sign-in method that synchronizes a hash of the user’s on-premises AD password with Azure AD.
Within AADC, define pass-through authentication.
A sign-in method that allows users to use the same password on-premises and in the cloud, but doesn’t require the additional infrastructure of a federated environment.
Within AADC, define Federation integration.
An optional part of Azure AD Connect that can be used to configure a hybrid environment using an on-premises AD FS infrastructure.
Within AADC, define health monitoring.
Azure AD Connect Health provides robust monitoring.
What is the difference between PHS and PTA?
PTA processes all authentication on-premises. PHS just ensures the same password exists in both places.
What are examples of when Azure AD doesn’t support the authentication requirement natively and a federated service is required?
- Smartcards or Certificates
- MFA Providers (not Microsoft)
- Authentication via 3rd Parties
- Sign in with sAMAccountName
How do you ensure business continuity when using Federated systems?
Load-balancing authentication requests among a server farm.
Which of the following require on-premises services?
A. PTA
B. Federated Services
A
B
What authentication service does Microsoft recommend to protect against on-premises authentication outages?
password hash synchronization
What subscription level does Microsoft include Identity Protection in?
Azure AD Premium 2
An attribute immutable during the lifetime of an object.
sourceAnchor (aka immutableID)
With federation, what attribute works with userPrincipalName to uniquely identify a user?
sourceAnchor
What attribute allows objects to “hard match” existing objects in Azure AD with on-premises objects?
sourceAnchor
What rules does the sourceAnchor attribute value follow? (7)
- less than 60 characters
- no special characters
- globally unique
- string, integer, binary
- not based on user’s name
- not case-sensitive
- assigned when object is created
What are the two most common object attributes used as a sourceAnchor?
- objectGUID
- employeeID
What format is UPN syntax (RFC 822)?
username@domain
What attribute does Azure AD Connect use by default to authenticate a user?
UPN
Since a verified domain for the UPN suffix is required by Azure AD, what should you do before syncing user accounts?
Add and verify the UPN suffix (e.g. contoso.com) to Azure AD
Can Azure AD verify a non-routable domain (e.g. contoso.local)?
No
Objects from each connected directory (CD), i.e. the actual directories, are staged here first before they can be processed by the provisioning engine.
Connector Space (CS)