Manage Azure identities and governance

Question 1

Azure AD

Answer 1

Azure Active Directory

Question 2

Azure AD: Single sign-on (SSO) access

Answer 2

Users can sign in with the same set of credentials to access all their apps

Question 3

AAD: Ubiquitous device support

Answer 3

it supports a lot of devices

Question 4

AAD: secure remote access

Answer 4

Securing remote access for on-premises web apps. Things like MFA, conditional access policies, and group based access management

Question 5

AAD: cloud extensibility

Answer 5

act as a complete source of data for users, groups, passwords, and access to devices

Question 6

AAD: sensitive data protection

Answer 6

Admins can monitor for suspicious sign-in activity and potential vulnerabilities

Question 7

AAD: Self-service support

Answer 7

You can delegate tasks

Question 8

AAD concept: Identity

Answer 8

An identity is an object that can be authenticated. Could be a user with a username and password. Could also be applications or other servers that require authentication by using secret keys or certificates

Question 9

AAD concept: Account

Answer 9

An account is an identity that has data associated with it. You need an identity first

Question 10

AAD concept: AAD account

Answer 10

An AAD account is an identity that’s created through AAD or another microsoft cloud service.

Question 11

AAD concept: tenant

Answer 11

A single dedicated and trusted instance of Azure AD. Each tenant aka directory represents a single organization

Question 12

AAD concept: subscription

Answer 12

an azure subscription is used to pay for azure cloud services. a tenant can have multiple subscriptions

Question 13

What are the four AAD editions?

Answer 13

Free, Microsoft 365 apps, premium p1, and premium p2

Question 14

What is SSPR

Answer 14

Self Service password reset.

Question 15

user account: cloud identity

Answer 15

an account with a cloud identity is define only in Azure AD

Question 16

User account: directory-synchornized identity

Answer 16

The identity is defined in an on-prem active directory

Question 17

User account: guest user

Answer 17

guest users are defined outside of azure

Question 18

group access rights: assigned

Answer 18

Each user is assigned rights individually

Question 19

group access rights: dynamic user

Answer 19

use dynamic membership rules to automatically add and remove group members

Question 20

group access rights: dynamic device

Answer 20

dynamic group rules to automatically add and remove devices in security groups

Question 21

regional pairs: physical isolation

Answer 21

ideally; 300 miles between regional pair datacenters so that if one is affected, the twin will unlikely to be affected as well

Question 22

regional pairs: platform-provided replication

Answer 22

some services like Geo-Redundant Storage provide automatic replication to the paired region

Question 23

regional pairs: region recover order

Answer 23

when both datacenters are out, recovery of one region is prioritized out of every pair

Question 24

regional pairs: sequential updates

Answer 24

azure system updates hit pairs one at a time

Question 25

regional pairs: data residency

Answer 25

regions reside within the same geography as their enabled set

Question 26

What are the 4 azure subscription options?

Answer 26

enterprise agreement, microsoft reseller, microsoft partner, personal free account

Question 27

azure policy: enforce rules and compliance

Answer 27

use builtin policies or make your own

Question 28

azure policy: apply policies at scale

Answer 28

apply policies to a management group with control across your entire org. define an exclusion scope

Question 29

azure policiy: perform remediation

Answer 29

conduct real-time remediation

Question 30

azure policy: exercise governance

Answer 30

support multiple engineering teams, manage multiple subscriptions, standardize and enforce how cloud resources are configured, manage regulatory compliance, cost control, security, and design consistency

Question 31

what is role-based access control?

Answer 31

RBAC is a mechanism for fine-tuning who can access your Azure resources

Question 32

rbac concept: security principal

Answer 32

an object that represents something that requests access to resources

Question 33

rbac concept: role definition

Answer 33

a set of permissions that lists the allowed operations

Question 34

rbac concept: scope

Answer 34

the boundary for the requested level of access, or “how much” access is granted

Question 35

rbac concept: assignment

Answer 35

an assignment attaches a role definition to a security principal at a particular scope

Question 36

rbac: how do security principals, role definitions, scopes, and assignments work together?

Answer 36

Security principal is the who, role definition is what they can do, scope is how high they can do it, and assignment is the whole thing written down.

Question 37

What is sspr?

Answer 37

Self service password reset