Implement and manage identity and access Flashcards
Risk events are separated into what 3 types? How do you access these reports?
Risky users, Risky sign-ins, Risk detections. To access them go to Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Report
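The same three reports can be pulled with the Microsoft Graph PowerShell SDK, which is how you would script triage rather than click through the portal. This is an added example, not part of the flashcard set; it assumes the Microsoft.Graph module is installed, the signed-in account holds a role that can read and act on risk data (Security Reader for reading, Security Operator or higher for confirm/dismiss), and the 7-day window is an arbitrary choice.

```powershell
# Added example: Identity Protection's three reports via Microsoft Graph PowerShell.
# Assumes Microsoft.Graph module; scopes below cover risky users, detections and sign-in logs.
Connect-MgGraph -Scopes "IdentityRiskyUser.ReadWrite.All","IdentityRiskEvent.Read.All","AuditLog.Read.All","Directory.Read.All"

$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")   # arbitrary window

# 1. Risky users: accounts still flagged, highest risk first
$riskyUsers = Get-MgRiskyUser -Filter "riskState eq 'atRisk'" -All |
    Sort-Object { @{ high = 0; medium = 1; low = 2 }[$_.RiskLevel] } |
    Select-Object UserPrincipalName, RiskLevel, RiskState, RiskLastUpdatedDateTime
$riskyUsers | Format-Table -AutoSize

# 2. Risk detections: individual events, grouped by detection type so noisy detectors stand out
$detections = Get-MgRiskDetection -Filter "detectedDateTime ge $since" -All
$detections | Group-Object RiskEventType | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 3. Risky sign-ins: sign-in log entries whose risk is still unresolved
$riskySignIns = Get-MgAuditLogSignIn -Filter "riskState eq 'atRisk' and createdDateTime ge $since" -All |
    Select-Object CreatedDateTime, UserPrincipalName, RiskLevelAggregated, RiskDetail, IpAddress, AppDisplayName
$riskySignIns | Format-Table -AutoSize

# Acting on a finding closes the loop the portal's "Confirm compromised" / "Dismiss" buttons provide.
# Confirming compromise raises the user to High risk, which is what the user risk policy keys on.
$confirmed = $riskyUsers | Where-Object { $_.RiskLevel -eq "high" }
if ($confirmed) {
    $ids = (Get-MgRiskyUser -Filter "riskLevel eq 'high' and riskState eq 'atRisk'" -All).Id
    Confirm-MgRiskyUserCompromised -UserIds $ids
}
# For a false positive, use Invoke-MgDismissRiskyUser -UserIds @($id) instead.
```

Risk detections that arrive "offline" (for example leaked credentials) appear in the detections report without a matching risky sign-in, so check all three views rather than only the sign-ins report.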
How do you configure Identity Protection Alerts?
Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Notify -> Users at risk detected alerts (the Weekly digest email is configured in the same place)
How do you access and implement the sign-in risk policy?
Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> Sign-In Risk Policy
How do you implement the sign-in risk policy?
Setup Assignments (Users, Conditions)
Setup Controls - Access: Block access, or Allow access and Require multi-factor authentication
Microsoft recommends setting the sign-in risk threshold to "Medium and above"
How do you access the User Risk Policy?
Azure Portal -> Azure Active Directory -> Security -> Identity Protection -> User Risk Policy
How do you implement the User Risk Policy?
Setup Assignments (Users, Conditions)
Setup Controls - Access: Block access, or Allow access and Require password change
Microsoft recommends setting the user risk threshold to "High"
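The two risk policies above are, underneath, Conditional Access policies with a risk condition, and Microsoft Graph exposes them that way. The following is an added example, not from the flashcards, showing both policies built with the assignments and controls the cards describe and created in report-only state. It assumes the Microsoft.Graph module, an Azure AD Premium P2 tenant, and an emergency-access (break-glass) account whose object ID is the placeholder in `$breakGlassId`; the `New-CaPolicy` helper is defined here for the example.

```powershell
# Added example: sign-in risk and user risk policies as Conditional Access policies via Graph.
# Assumes Microsoft.Graph module and Premium P2; $breakGlassId is a placeholder you must replace.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All"

$breakGlassId = "00000000-0000-0000-0000-000000000000"   # placeholder: your emergency-access account

function New-CaPolicy {
    param([hashtable]$Policy)
    # Every new policy starts in report-only so its impact shows up in the sign-in logs
    # before anyone is blocked. Change the state to "enabled" after reviewing the results.
    $Policy["state"] = "enabledForReportingButNotEnforced"
    Invoke-MgGraphRequest -Method POST `
        -Uri "https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies" `
        -Body ($Policy | ConvertTo-Json -Depth 10) -ContentType "application/json"
}

# Sign-in risk policy: Medium and above -> allow access, but require MFA
New-CaPolicy @{
    displayName = "Identity Protection - sign-in risk medium+ requires MFA"
    conditions  = @{
        users            = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications     = @{ includeApplications = @("All") }
        signInRiskLevels = @("medium", "high")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

# User risk policy: High -> allow access, but require MFA plus a password change.
# Graph rejects passwordChange unless it is paired with mfa and the AND operator.
New-CaPolicy @{
    displayName = "Identity Protection - user risk high requires password change"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeUsers = @($breakGlassId) }
        applications   = @{ includeApplications = @("All") }
        userRiskLevels = @("high")
    }
    grantControls = @{ operator = "AND"; builtInControls = @("mfa", "passwordChange") }
}
```

Excluding the break-glass account is not optional: a user risk policy that blocks or forces a password change on every account can lock you out of the tenant if the account you administer with is itself flagged. For hybrid users the password-change control only self-remediates when password hash synchronization and self-service password reset with password writeback are in place.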
What behaviors are identified by sign-in risk policy?
This policy helps identify and respond to risky or unusual account sign-in behavior that might indicate the account has been compromised.
What types of behaviors will the sign-in risk policy detect?
Anonymous IP address
Atypical travel
Malware-linked IP address
Unfamiliar sign-in properties
Admin-confirmed user compromised
Malicious IP address
Suspicious inbox manipulation rules
Impossible travel
What behaviors are identified by User Risk Policy?
This policy helps identify and respond to user account behavior or activities that seem suspicious and indicate the account might have been compromised.
What types of behaviors are detected by the User risk policy?
Leaked Credentials
Azure AD Threat Intelligence
What are the 2 types of available Identity Protection policies?
User Risk Policy
Sign-in Risk Policy
What is Azure AD Identity Protection? What license is required?
Azure AD Identity Protection is an Azure AD Premium P2 feature. It provides user risk and sign-in risk policies, risk reports and alerts that help you detect, investigate and remediate compromised identities before they lead to data loss.
How do you configure PIM roles?
Go to Azure Portal -> search for Azure AD Privileged Identity Management -> Azure AD roles -> Settings, then select the role and edit its activation, assignment and notification settings
What is PIM?
Privileged Identity Management (PIM) enables your organization to protect important resources across Azure, Azure AD, Intune, and Office 365 apps & services by managing and auditing access to them.
How are Role assignments created?
portal.azure.com
-> click Subscriptions (or the resource group or resource you want to scope the assignment to)
-> then Access control (IAM)
-> Add role assignment
What is RBAC?
Azure Role-Based Access Control (RBAC) allows fine-grained access management of Azure resources. It lets you divide responsibility by role, granting each principal only the access it needs to manage particular machines, networks, resource groups, and so on.
What 3 components does RBAC consist of?
Security Principal - object requesting access (user, group, service, etc)
Role Definition - a set of permissions that defines the actions that can be performed
Scope - the resources to which access will be granted
In RBAC what is the scope resource hierarchy?
Management Group
-> Subscription
-> -> Resource Group
-> -> -> Resource
A role assigned at a higher scope is inherited by everything below it.
What is the default option when you create a Conditional Access Policy?
The default state is Report-only.
This is good for evaluating the effect the policy would have on users (results appear in the sign-in logs) before switching it to On.
Where do you create Conditional Access Policies?
Microsoft Endpoint Manager admin center
endpoint.microsoft.com
-> select Endpoint security
-> Conditional Access
-> New policy
Aside from Compliance Policies, you can configure general compliance settings, where?
Microsoft Endpoint Manager admin center
-> choose Devices
-> Compliance policies
-> Compliance policy settings
Where do you go to configure and manage device compliance for endpoint security?
Microsoft Endpoint Manager admin center
endpoint.microsoft.com
-> select Devices
-> Compliance policies
-> Create Policy
How are Conditional Access Policies related to Compliance Policies?
Compliance policies are configured separately in Intune and decide whether a device is marked compliant; a Conditional Access policy can then use "Require device to be marked as compliant" as a grant control, so access depends on the device passing the compliance policy.
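The relationship between the two policy types is clearest when both are created through Microsoft Graph: the compliance policy sets the bar, the Conditional Access policy enforces it with the `compliantDevice` control. This is an added example, not from the flashcards. It assumes the Microsoft.Graph module, an Intune licence, and a pilot group whose object ID replaces the placeholder in `$pilotGroupId`; the OS version and the settings chosen are illustrative.

```powershell
# Added example: Intune compliance policy plus the Conditional Access policy that consumes it.
# Assumes Microsoft.Graph module and Intune; $pilotGroupId is a placeholder you must replace.
Connect-MgGraph -Scopes "DeviceManagementConfiguration.ReadWrite.All","Policy.ReadWrite.ConditionalAccess"
$graph        = "https://graph.microsoft.com/v1.0"
$pilotGroupId = "00000000-0000-0000-0000-000000000000"

# 1. Compliance policy (Devices -> Compliance policies -> Create Policy in the admin center).
#    scheduledActionsForRule is mandatory on create: it says what happens when a device fails;
#    gracePeriodHours = 0 marks the device non-compliant immediately.
$compliance = @{
    "@odata.type"        = "#microsoft.graph.windows10CompliancePolicy"
    displayName          = "Windows 10 baseline (pilot)"
    passwordRequired     = $true
    bitLockerEnabled     = $true
    secureBootEnabled    = $true
    codeIntegrityEnabled = $true
    osMinimumVersion     = "10.0.19044"      # illustrative; pick the build you actually support
    scheduledActionsForRule = @(@{
        ruleName = "PasswordRequired"
        scheduledActionConfigurations = @(@{
            actionType = "block"; gracePeriodHours = 0
            notificationTemplateId = ""; notificationMessageCCList = @()
        })
    })
}
$policy = Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceManagement/deviceCompliancePolicies" `
    -Body ($compliance | ConvertTo-Json -Depth 10) -ContentType "application/json"

# 2. Assign it. An unassigned compliance policy evaluates no devices, so every device stays
#    "not evaluated" and a CA policy requiring compliance would block them all.
$assignment = @{ assignments = @(@{
    target = @{ "@odata.type" = "#microsoft.graph.groupAssignmentTarget"; groupId = $pilotGroupId }
}) }
Invoke-MgGraphRequest -Method POST -Uri "$graph/deviceManagement/deviceCompliancePolicies/$($policy.id)/assign" `
    -Body ($assignment | ConvertTo-Json -Depth 10) -ContentType "application/json"

# 3. Conditional Access policy that requires a compliant device, in report-only state first.
$ca = @{
    displayName = "Require compliant Windows device for Office 365 (pilot)"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeGroups = @($pilotGroupId) }
        applications = @{ includeApplications = @("Office365") }
        platforms    = @{ includePlatforms = @("windows") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("compliantDevice") }
}
Invoke-MgGraphRequest -Method POST -Uri "$graph/identity/conditionalAccess/policies" `
    -Body ($ca | ConvertTo-Json -Depth 10) -ContentType "application/json"
```

Keep the Conditional Access policy in report-only until the compliance report shows the pilot devices evaluating as compliant; enabling it earlier blocks devices that have simply not checked in yet.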
What license is required for SSPR with Password write back?
Azure AD Premium P1 licenses
What license is required for Conditional Access Policies?
Azure AD Premium P1 (included in P2); device-based conditions additionally require Intune (standalone or via an Enterprise Mobility + Security license)
To enable passwordless authentication you must sign in to the Azure Portal at?
portal.azure.com
-> then select Azure Active Directory
-> Security
-> Authentication methods
-> Authentication methods policy (Preview)
Then select FIDO2 Security Key, Microsoft Authenticator passwordless sign-in or Text message, enable it, and choose the users or groups it applies to
In order to implement Windows Hello for SSO the devices must be first?
Devices must first be joined to Azure AD and Intune-enrolled.
Windows Hello for Business uses biometrics or a device-specific PIN backed by a key stored on the device (in the TPM where available) and is available on Windows 10 and later
MFA and other Sign-ons are reported in what report?
Azure AD's Sign-ins report
portal.azure.com
-> Azure Active Directory
-> Users
-> Sign-ins (also under Monitoring -> Sign-ins)
Azure AD Security Defaults include
All users must register for Azure MFA (within 14 days of their first sign-in)
Admins must use MFA
Legacy authentication protocols are blocked
Users are required to perform MFA when necessary
Privileged activities such as access to the Azure portal, Azure PowerShell and Azure CLI require MFA
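Because Security Defaults block legacy authentication outright, the sign-ins report above is the place to check what will break before turning them on. The following added example (not from the flashcards) reads the sign-in logs through Graph, lists legacy-protocol usage, checks the current state of Security Defaults and whether Conditional Access policies are in use, and only then enables them. It assumes the Microsoft.Graph module and an Azure AD Premium P1 licence (required to read sign-in logs via Graph); the 7-day window is arbitrary.

```powershell
# Added example: pre-flight check for Security Defaults using the sign-in logs, then enable.
# Assumes Microsoft.Graph module and Premium P1 for sign-in log access.
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All","Policy.Read.All","Policy.ReadWrite.ConditionalAccess"
$graph = "https://graph.microsoft.com/v1.0"

# 1. Legacy authentication still in use. Modern auth reports clientAppUsed as "Browser" or
#    "Mobile Apps and Desktop clients"; anything else (IMAP4, POP3, SMTP, Exchange ActiveSync,
#    "Other clients", ...) will be refused once Security Defaults are on.
$since   = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")   # arbitrary window
$signIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All
$modern  = @("Browser", "Mobile Apps and Desktop clients")
$legacy  = @($signIns | Where-Object { $_.ClientAppUsed -and ($modern -notcontains $_.ClientAppUsed) })
$legacy | Group-Object ClientAppUsed, UserPrincipalName | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Security Defaults and Conditional Access are mutually exclusive: the tenant refuses to
#    enable Defaults while enabled Conditional Access policies exist.
$caEnabled = @((Invoke-MgGraphRequest -Method GET -Uri "$graph/identity/conditionalAccess/policies").value |
    Where-Object { $_.state -eq "enabled" })
$defaults  = Invoke-MgGraphRequest -Method GET -Uri "$graph/policies/identitySecurityDefaultsEnforcementPolicy"
"Security Defaults enabled: $($defaults.isEnabled); enabled CA policies: $($caEnabled.Count); legacy sign-ins: $($legacy.Count)"

# 3. Enable only when nothing above would break
if (-not $defaults.isEnabled -and $caEnabled.Count -eq 0 -and $legacy.Count -eq 0) {
    Invoke-MgGraphRequest -Method PATCH -Uri "$graph/policies/identitySecurityDefaultsEnforcementPolicy" `
        -Body (@{ isEnabled = $true } | ConvertTo-Json) -ContentType "application/json"
}
```

If the legacy list is not empty, either migrate those clients to modern authentication or, on a Premium P1 tenant, reproduce the protection with Conditional Access policies (block legacy auth, require MFA for admins) instead of Security Defaults, since the two cannot be combined.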
What is involved in Azure AD Identity governance?
Involves regularly analyzing group membership and access, then confirming it or cleaning it up (access reviews of groups, applications and privileged roles).
How do you manage Identity Governance?
Go to Azure AD -> select Identity Governance -> Access reviews -> New access review. Azure AD Premium P2 licensing is required.
Security groups have an additional option for the membership type:
Dynamic Device - you define rules on device properties; devices matching the rules are added automatically (security groups only)
The membership type of an Office 365 group can be one of two types:
Assigned - you manually declare who is part of the group
Dynamic User - you define rules on user properties; accounts matching the rules are added automatically
You can create 2 group types in Azure AD
Security - can be used to grant permission to shared resources
Office 365 (Microsoft 365) - used to grant access to shared collaboration resources (shared mailbox, SharePoint site, Teams team); always mail-enabled
How do you create an Azure AD group?
Azure AD -> Groups -> New Group
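The group types and membership types above map directly onto parameters of the Graph PowerShell `New-MgGroup` cmdlet. This is an added example, not from the flashcards; it assumes the Microsoft.Graph module and an Azure AD Premium P1 licence for the users who become members of dynamic groups. Group names, mail nicknames and the attribute values in the membership rules are illustrative.

```powershell
# Added example: the two group types and three membership types via New-MgGroup.
# Assumes Microsoft.Graph module; dynamic membership needs Premium P1 for the members.
Connect-MgGraph -Scopes "Group.ReadWrite.All"

# Security group, Assigned membership: you add members explicitly
$soc = New-MgGroup -DisplayName "SOC Analysts" -MailNickname "socanalysts" `
    -MailEnabled:$false -SecurityEnabled

# Security group, Dynamic User membership: rule on user properties, evaluated continuously.
# Gating on accountEnabled keeps disabled accounts from retaining the group's permissions.
$finance = New-MgGroup -DisplayName "All Finance Users" -MailNickname "finance-dyn" `
    -MailEnabled:$false -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(user.department -eq "Finance") and (user.accountEnabled -eq true)' `
    -MembershipRuleProcessingState "On"

# Security group, Dynamic Device membership: rule on device properties (security groups only)
$corpWin = New-MgGroup -DisplayName "Corporate Windows devices" -MailNickname "corp-windows-dyn" `
    -MailEnabled:$false -SecurityEnabled `
    -GroupTypes @("DynamicMembership") `
    -MembershipRule '(device.deviceOSType -eq "Windows") and (device.deviceOwnership -eq "Company")' `
    -MembershipRuleProcessingState "On"

# Office 365 (Microsoft 365) group: groupType "Unified", mail-enabled, carries the
# collaboration resources; Dynamic User rules are allowed here too, Dynamic Device is not.
$projectX = New-MgGroup -DisplayName "Project X" -MailNickname "projectx" `
    -MailEnabled -SecurityEnabled:$false -GroupTypes @("Unified")

# Dynamic groups populate asynchronously; check the processing state before relying on them
Get-MgGroup -GroupId $finance.Id -Property "displayName,membershipRule,membershipRuleProcessingState" |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState
```

Membership rules are evaluated by the directory, so a change to a user's department attribute (for example through HR-driven provisioning) moves access automatically; that is also why attribute write permissions on the source of those properties deserve the same scrutiny as group ownership.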
What is Microsoft Cloud App Discovery used for?
can be used to analyze existing SaaS app usage within your organization
What 6 things does Azure AD Connect Health allow you to identify and manage?
Email notifications
AD FS system issues
Quick agent installation
Auto upgrades
Top application usage
Network locations and TCP connections
Azure AD Connect consists of what 3 essential components?
Synchronization services
Active Directory Federation Services (AD FS)
Health monitoring
Azure AD Connect Express settings include the following capabilities for Single AD forest setups
Configure sync of identities in the current AD forest
Configure PHS from on-premises AD to Azure AD
Start initial synchronization upon completion
Synchronize all attributes
Enable Auto Upgrade
Azure AD Connect is configured using “default authentication settings” refers to?
Express Settings
If Password Hash Synchronization (PHS) is not enabled?
You cannot use the premium features in Azure AD that depend on it, such as Identity Protection's leaked credentials detection (the leaked credential can only be matched against a synchronized hash).
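Whether PHS is actually on, and actually flowing, is something to verify on the Azure AD Connect server rather than assume from the portal. The following added example (not from the flashcards) uses the ADSync module that ships with Azure AD Connect and is meant to be run locally on the sync server; it assumes the property names the module returns on current builds (PasswordHashSync and the scheduler fields).

```powershell
# Added example: verify password hash synchronization on the Azure AD Connect server.
# Assumes the ADSync module installed with Azure AD Connect, run locally as an administrator.
Import-Module ADSync

# Tenant-level feature flags as recorded by Azure AD Connect
$features = Get-ADSyncAADCompanyFeature
$features | Select-Object PasswordHashSync, ForcePasswordChangeOnLogOn, UserWriteback, DeviceWriteback

if (-not $features.PasswordHashSync) {
    Write-Warning "PHS is off: leaked-credential detection and other PHS-dependent features will not work."
}

# Even with PHS enabled, hashes only reach the cloud if the scheduler runs. A suspended
# scheduler or staging-mode server means the cloud copy silently goes stale.
$sched = Get-ADSyncScheduler
$sched | Select-Object SyncCycleEnabled, SchedulerSuspended, StagingModeEnabled,
    CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC, SyncCycleInProgress

if (-not $sched.SyncCycleEnabled -or $sched.SchedulerSuspended) {
    Write-Warning "Sync scheduler is not running; password hashes are not being synchronized."
}

# After changing the configuration, push a delta cycle instead of waiting for the next interval
if ($features.PasswordHashSync -and $sched.SyncCycleEnabled -and -not $sched.SyncCycleInProgress) {
    Start-ADSyncSyncCycle -PolicyType Delta
}
```

A server in staging mode exports nothing, so a PHS check that passes on the staging server says nothing about the active one; run this on the server that is actually exporting.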
What are the 2 distinguishing characteristics of Federation (AD FS) authentication?
AAD relies on another authentication system (the on-premises AD FS farm validates the credential and issues the token)
Ideal when smart cards, certificates, or third-party multifactor authentication (MFA) are required
What are the 2 distinguishing characteristics of Pass-through Authentication (PTA)?
Password validation happens on-premises (the password is never stored in the cloud)
Best for organizations that require on-premises authentication; requires the PTA authentication agent installed on on-premises servers
What are the 4 distinguishing characteristics of Password Hash Synchronization (PHS)?
Simplest to deploy
No additional infrastructure required beyond Azure AD Connect
Users use the same username/password as on-premises
**Some premium features in AAD require PHS, such as Identity Protection's leaked credentials detection
-> A hash of the on-premises password hash is stored in the cloud; no on-premises authentication agent is needed, which is also why cloud sign-in keeps working when on-premises AD is unreachable
What are the 3 Microsoft 365 Hybrid Azure AD authentication methods?
Password hash synchronization (PHS) aka “same sign-on”
Pass-Through Authentication (PTA)
Federation (AD FS)