Implement Initial configuration of Azure Active Directory Flashcards
What licenses do you require to have Company Branding
Azure AD Premium 1, Premium 2, or Office 365 (365 apps)
Global Administrator
- Manage access to all administrative features in Azure AD
- Assign admin roles
- Resets passwords for any other users
User Administrator
- Creates and manages all aspects of users and groups
- Manage support tickets
- Monitor service health
- Change passwords for users, helpdesk admins and user admins
Billing Administrator
- Make purchases
- Manages Subscriptions
- Manage support tickets
- Monitors service health
Azure Roles
- Manage access to Azure resources
- Scope can be specified at multiple levels (management group, subscription, resource group, resource)
- Role info can be accessed in the Azure portal, Azure CLI, Azure PowerShell, ARM templates, and REST API
Azure AD Roles
- Manage access to Azure AD resources
- Scope is at tenant level or can be applied to an Administrative Unit
- Role info can be accessed in the Azure admin portal, M365 admin center, Microsoft Graph, Azure AD PowerShell
What is an Administrative Unit
- Administrative Units are resources that can be containers for other Azure AD resources.
- An administrative unit can only contain users or groups
What is an Application Administrator
Grants the ability to manage all applications in the directory, including registrations, SSO settings, user and group assignments, licensing, Application Proxy settings, and consent.
- Doesn’t let you manage Conditional Access.
What is a Cloud Application Administrator
Grants the same as an Application Administrator except Application Proxy Settings (due to no on-prem permission)
What is an Enterprise Application Owner
Grants the ability to manage the enterprise apps that the user owns, including SSO settings, user and group assignments, and adding more owners.
- Doesn’t grant you the ability to manage App Proxy settings or Conditional Access.
What is an Application Registration Owner
Grants the ability to manage application registrations for apps that the user owns, including the app’s manifest and adding other owners.
What is a permission
Consent or authorization to perform a specific action.
Default permissions for a Member
Manage their profile photo and mobile number, change their own password, and invite B2B guests. Can read all directory information.
Default permissions for a guest
Manage their own profile, change their own password, and retrieve some info about other users.
- Can also be added to administrator roles, which grant them full read and write permissions contained in the role.
- Guests can invite other guests
- Can’t read all directory info (e.g. list of users, groups, etc.)