Manage Azure identities and governance Flashcards
When moving an App Service resource to another resource group, what must the resource group not include?
Web Apps
App Service Plans
TLS/SSL Certificates
App Service Environments
What are the two roles in Microsoft 365?
Owner
Member
What is an administrative unit?
This allows you to restrict users' access based on their role
What is the Global Administrator role?
This role has access to all of AAD and the services aligned with it
Give admin access
Reset password for every admin
What is the Billing Administrator role?
Purchase things
In charge of subscription
Maintains service health
Controls support tickets
What is the User Administrator role?
Users and groups can be created and managed
Control support tickets
What is Azure AD Registered?
This connects your BYOD devices to AAD
What is Azure AD Joined?
This connects your org device to AAD, then it syncs to AD on-prem
What is Hybrid AD Joined?
This syncs your AD on-prem devices to AAD
What is an Azure resource lock?
This is used to lock an Azure subscription, resource group, or resource to protect it from accidental user deletions and modifications.
What are the two types of Azure locks?
Read-only
Delete
What is the delete lock type?
This means authorised users can read and modify a resource, but cannot delete it
What does the read-only lock type mean?
This means authorized users can read a resource, but they can’t delete or update it
When moving a web app to another resource group what resources mustn’t the new resource group have?
Web Apps
App Service plans
Uploaded or imported TLS/SSL certificates
App Service Environments
What are Management Groups?
Management groups are used to organise subscriptions so that policy and price management are easier to delegate
What are Subscriptions?
Subscriptions are used to host resources and groups and are used for management of the policies and pricing.
What are Resource Groups?
This is a container that holds Azure resources.
What are Azure Resources?
This is a manageable item in Azure, like VMs, Azure Web App, SQL Database.
What is Azure Resource Manager?
Azure Resource Manager is used for creating and deploying Azure resources.
What four things can be used to deploy an Azure Resource?
Azure Portal
Azure PowerShell
Azure CLI
REST API Clients
What type of resources can be deployed via Azure Resource Manager?
VMs
Azure Web App
SQL Database
What is a Resource Provider?
This is a service that provides the resource. For example, VMs are provided by Microsoft.Compute.
What is an Azure Resource Manager Template?
This is a JSON file (JavaScript Object Notation) that is used to define one or more resources deployed to a resource group or subscription.
What does SSPR stand for?
Self-Service Password Reset
What is Self-Service Password Reset?
SSPR can be enabled for all or a limited number of users. You can set up authentication methods like security questions, email, SMS, etc. Users have to set up SSPR manually before it will become an option for them to use.
What does RBAC stand for?
Role-based Access Control
What is RBAC used for?
RBAC can restrict what access users can have to Azure Resources. It allows the admin to restrict access per subscription, resource groups or resources and provide either RO or RW access.
Why do we use RBAC?
This allows businesses to stay compliant with local and global laws on data restrictions and confidentiality. You can either use built-in Azure RBAC roles or create custom roles using JSON files.
What are the two types of AD Tenants?
B2C (business-to-customer)
B2B (business-to-business)
What is B2C?
B2C (business-to-customer) is an identity solution for customer-facing applications. It has its own independent tenant not connected to AAD and can use local, enterprise or social account connections.
What is B2B?
B2B (business-to-business) allows guest access into your Azure environment for collaboration on Azure resources. This works by using external identities like enterprise or social accounts as authentication into the Azure environment.
What are features of Azure AD DS?
Full identity solution
REST API Queries
Communication Protocols
Federation Services
Flat Structure
Managed Service
What are Azure Policies?
The Azure policies service is used to create, assign and manage policies. The policies are used to enforce rules on resources and can show non-compliance status if a resource is not following the rules.
What are Resource Tags used for?
Resource tags can be used to organize resources in Azure, with each tag having a name and a value. Once the resource tag is applied, you can find the resource using the tag's name and value. This helps when trying to find resources across various resource groups.
What can the role Account Administrator do?
This account is the billing owner of the subscriptions
- Can access the Azure portal and manage billing
- Manage billing for all subscriptions in the account
- Create new subscriptions
- Cancel subscriptions
- Change the billing for a subscription
- Change the Service Administrator
- Can’t cancel subscriptions unless they have the Service Administrator or subscription Owner role
What can the role Service Administrator do?
The Service Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope. The Service Administrator has full access to the Azure portal.
- Manage services in the Azure portal
- Cancel the subscription
- Assign users to the Co-Administrator role
What can the role Co-Administrator do?
The Co-Administrator has the equivalent access of a user who is assigned the Owner role at the subscription scope.
- Same access privileges as the Service Administrator, but can’t change the association of subscriptions to Microsoft Entra directories
- Assign users to the Co-Administrator role, but can’t change the Service Administrator
What tools can you use to create administrative units?
Azure Portal
MS Graph/PowerShell
MS 365 Admin Center
What steps should you take to connect a 3rd party domain to AAD?
Add a custom domain
Add a record to the public whizlabs.com DNS zone
Verify the domain
What are things to note before moving resources in Azure?
Both the source and target group are locked during the move
You can’t add, update or delete resources in the resource group (during the move)
Underlying resources will still work during the move
Who can have local admin on an Azure Joined machine?
Global Administrator
Device Local Administrator Role
User joining the device
When moving resources from one resource group to another, what do you need to keep in mind regarding locks?
If the resource being moved has a lock enabled, it doesn’t matter since the resource group lock is the only thing that matters when moving resources.
When creating a new tenant in Azure, who has access to the tenant?
Only the owner/creator of the tenant
If a user is a global admin in tenant A and another user creates tenant B, what access will they have on tenant B?
No access. The user who created the tenant will need to give them access.