Manage authentication by using Microsoft Entra ID Flashcards

1
Q

Microsoft Entra authentication includes the following components

A

Self-service password reset
Microsoft Entra multifactor authentication
Hybrid integration to write password changes back to an on-premises environment
Hybrid integration to enforce password protection policies for an on-premises environment
Passwordless authentication

2
Q

T or F

Microsoft Entra ID helps to protect a user's identity and simplify their sign-in experience

A

True

3
Q

Self-service

A

Allows password reset through a web browser

4
Q

Microsoft Entra multifactor authentication

A

additional form of authentication

ex. mobile app notification
phone call
text message

5
Q

Passwordless authentication

A

security keys to sign in without the need for passwords

6
Q

Self-service password reset

A

password change
password reset
account lock

7
Q

Multifactor authentication available for Microsoft Entra

A

Account lockout

Block/unblock users

Report suspicious activity

notifications

open authorization tokens (OATH)

Phone call settings

providers

8
Q

Account lockout

A

specify how many failed attempts

the lockout is only applied when a PIN code is entered for MFA

9
Q

Block / unblock users

A

block MFA attempts - if device is stolen/lost

block lasts for 90 days

unblock users if fit

10
Q

Where can you view suspicious activity events

A

in the audit logs and risk detection reports

11
Q

Report suspicious activity and fraud alert

A

If Fraud Alert is enabled with Automatic Blocking and Report Suspicious Activity is enabled, the user will be added to the blocklist and set as high-risk and in-scope for any other policies configured

12
Q

OATH tokens

A

Microsoft Entra ID supports the use of OATH TOTP (Time-based One Time Password) SHA-1 tokens that refresh codes every 30 or 60 seconds

13
Q

OATH TOTP

A

hardware tokens typically come with a secret key, or seed, pre-programmed in the token

14
Q

Passwordless authentication options

A

Microsoft Authenticator
FIDO2-compliant security keys
Windows Hello for Business

15
Q

What devices would be best for Microsoft Authenticator

A

Shared devices
Kiosks

16
Q

What devices would be best for FIDO2 compliant security keys

A

Dedicated non-Windows devices
Dedicated Windows 10 computers
Kiosks and shared computers

17
Q

What devices would be best for Windows Hello for Business

A

Dedicated Windows 10 computers

18
Q

T or F

When you deploy passwordless authentication you should first enable one or more pilot groups

A

True

19
Q

Your communications to end users should include

A

Guidance on combined registration for both Microsoft Entra multifactor authentication and self-service password reset (SSPR)

Downloading Microsoft Authenticator

Registering in Microsoft Authenticator

Signing in with your phone

20
Q

T or F
Microsoft Authenticator turns any iOS or Android phone into a strong, passwordless credential

A

True

21
Q

T or F

Microsoft Entra logs registration of security keys and the Authenticator app, and any other changes to the authentication methods

A

True

22
Q

Active Directory Federation Services (AD FS) Integration

A

directed here if user chooses “use your password instead”

23
Q

Device registration

A

To use the Authenticator app for passwordless authentication, the device needs to be registered in the Microsoft Entra tenant and cannot be a shared device

24
Q

3 types of passwordless sign in deployments available with security keys

A

Microsoft Entra web apps on a supported browser

Microsoft Entra joined Windows 10 devices

Microsoft Entra hybrid joined Windows 10 devices

25
For Microsoft Entra web apps and Microsoft Entra joined Windows devices, use:
Windows 10 version 1809 or higher using a supported browser like Microsoft Edge or Mozilla Firefox (version 67 or higher).
26
For hybrid Microsoft Entra domain joined devices, use:
Windows 10 version 2004 or later. Fully patched domain servers running Windows Server 2016 or 2019. Latest version of Microsoft Entra Connect.
27
How can you restrict keys
Authenticator Attestation GUID (AAGUID)
28
T or F Microsoft Entra Password Protection detects and blocks known weak passwords and their variants, and can also block weak terms that are specific to your organization
true
29
T or F On-premises deployment of Microsoft Entra Password Protection uses the same global and custom banned password lists that are stored in Microsoft Entra ID, and does the same checks for on-premises password changes as Microsoft Entra ID does for cloud-based changes
true
30
Domain Controllers (DCs)
never communicate directly with the internet
31
T or F Microsoft Entra Password Protection supports incremental deployment across DCs in a Microsoft Entra ID domain
True
32
When can the Microsoft Entra Password Protection DC agent software validate passwords?
When it's installed on a DC and only for password changes that are sent to that DC
33
How to guarantee consistent behavior and universal Microsoft Entra Password Protection?
DC agent software must be installed on all DCs in a domain
34
T or F Partial deployments aren't secure and aren't recommended for DC agent software
True. Partial deployment should only occur for testing purposes
35
What does the Microsoft Entra Password Protection Proxy service run on?
Any domain-joined machine in the current Microsoft Entra ID forest
36
What is the primary purpose of the Microsoft Entra Password Protection Proxy service?
to forward password policy download requests from DCs to Microsoft Entra ID and then return the responses from Microsoft Entra ID to the DC
37
Where does the password filter DLL of the DC Agent receive user password validation requests from?
The OS; the filter then forwards them to the DC agent service that is running locally on the DC
38
How does the DC agent service handle password validation requests?
processes them by using the current password policy and returns the result pass or fail
39
How often does the DC Agent service check the age of the current policy
hourly
40
What are Microsoft Entra Password Protection policies a combination of?
The Microsoft global banned password list and the per-tenant custom banned password list
41
What does the DC Agent never listen on?
a network-available port
42
T or F The proxy service is stateless
True. It never caches policies or any other state downloaded from Azure
43
What happens if there is no password policy available on the local DC?
the password is automatically accepted and an event message is logged to warn the administrator
44
T or F There can be a delay between password policy configuration change
true
45
T or F Microsoft Entra Password Protection acts as a supplement to existing Microsoft Entra ID policies, not a replacement
true
46
Microsoft Entra ID creates a certificate that is by default valid for how many years
3
47
Where can you change the certificate duration?
In the Microsoft Entra admin center
48
When you enable federation on a SAML application, Microsoft Entra ID does what?
Creates a certificate that is by default valid for 3 years
49
T or F Communication is critical to the success of any new service
True. Make sure you are letting your users know that a change is coming, when it has arrived, and what to do now
50
SAML
Security Assertion Markup Language
51
T or F SSO for pre-integrated enterprise applications is free
True
52
T or F Objects in your directory and features may require specific licenses
True
53
Shared accounts - SSO
create a security group for each combination of user set and credentials
54
T or F Choosing a SSO method depends on how the application is configured for authentication
True
55
Options for cloud applications to use SSO
OpenID Connect, OAuth, SAML, password-based, linked
56
Can SSO be disabled?
yes
57
Options for on premises applications for SSO
Password-based, Integrated Windows Authentication, header-based, linked
58
OpenID Connect and OAuth
if the application supports it
59
SAML
when possible for apps that don't use OpenID Connect or OAuth
60
Password-based
When the application has an HTML sign-in page. Password-based is also known as password vaulting
61
Linked
choose linked when the application is configured for SSO in another identity provider service
62
Disabled
choose disabled SSO when the application isn't ready to be configured for SSO
63
Integrated Windows Authentication (IWA)
for apps that use IWA or claims-aware applications
64
Header based
for when the app uses headers for authentication
65
T or F You can integrate your cloud-enabled SaaS applications with Microsoft Entra ID
True
66
Cloud enabled SaaS providers
Atlassian Cloud, ServiceNow, Slack, SuccessFactors, Workday
67
Cloud Integrations
AWS; Alibaba Cloud (role-based SSO); Google Cloud Platform; Salesforce; SAP (Systems, Applications, and Products in Data Processing) Cloud Identity Platform
68
Integrating Slack with Microsoft Entra ID enables you to
Control who has access to Slack in Microsoft Entra ID; enable your users to be automatically signed in to Slack with their Microsoft Entra accounts; manage your accounts in one central location
69
What is needed to integrate Slack and Microsoft Entra ID?
A Microsoft Entra subscription; a Slack single sign-on enabled subscription
70
How can you configure the integration of Slack into Microsoft Entra ID?
add Slack from the gallery to your list of managed SaaS apps
71
How to configure and test Microsoft Entra SSO for Slack
enable the feature to users and then create a test user
72
Configure Microsoft Entra SSO
Must be signed in as at least a Cloud Application Administrator. Go to Identity > Applications > Enterprise applications > Slack > Single sign-on. On the SSO page, select SAML.
73
DIDs
User-generated, self-owned, globally unique identifiers rooted in decentralized trust systems
74
What are verifiable credentials?
data objects consisting of claims made by the issuer attesting information about a subject
75
T or F The issuer's DID creates a digital signature as proof that they attest to this information
True
76
How do most organizations provide credentials to employees?
centralized identity systems
77
How decentralized identity systems work
The issuer, user, and relying party (RP) each have a role in establishing and ensuring ongoing trusted exchange of each other's credentials.
78
What passwordless authentication methods does Microsoft recommend?
Windows Hello, FIDO2 security keys, Microsoft Authenticator app