Implement Azure Active Directory Flashcards
What tool is used to sync on-premises Active Directory to Azure Active Directory?
Azure Active Directory Synchronization Services (AAD Sync)
If you don't want passwords syncing to Azure AD but want a single sign-on experience, what can you do or use?
Use a security token service (STS) or Active Directory Federation Service (AD FS) on-prem for authentication.
What is the default domain for an Azure subscription?
*.onmicrosoft.com
What 2 types of records can you use with your domain name registrar to verify you own the domain you are trying to add to your Azure subscription?
TXT (preferred) or MX records
What is Cloud App Discovery?
A service you can use to discover cloud applications being used from within your organization, leveraging an endpoint agent installed on the individual machines.
What are the two modes Azure Active Directory supports for single sign-on?
federation-based and password-based
What is the URL where users can access the Access Panel?
https://myapps.microsoft.com
What is the Graph API used for?
The Graph API is used by applications to create, read, update, or delete directory objects in Azure Active Directory. An application must be configured for either the Read Directory Data or Read And Write Directory Data permissions to use the Graph API.
What 2 security token formats does Azure Active Directory support?
SAML and JWT
True/False: The oauth2Permissions array node in a web service application's manifest can be edited to allow the web service to be accessed from other applications registered in the directory, such as web applications or native applications?
True; also, it's JSON
Which protocols does Azure Active Directory provide application endpoints for?
- WS-Federation
- SAML-P
- OAuth 2.0
The URL for a tenant-specific endpoint of SAML tokens?
https://sts.windows.net/
The URL for an application endpoint used to sign in and sign out users using the SAML-P protocol?
https://login.windows.net//saml2
The URL for an application endpoint used to sign in and sign out users using the WS-Federation protocol?
https://login.windows.net//wsfed
A developer building a web application for your organization needs the certificate that your Azure Active Directory uses to sign SAML tokens. Which application endpoint should you provide the developer?
The federation metadata document endpoint points to the metadata document for the Azure Active Directory, which contains the certificate used to sign SAML tokens.