Manage device authentication Flashcards
What is Microsoft Entra join?
A method to join devices to Microsoft Entra ID for cloud management and access.
Which operating systems support Microsoft Entra join?
All Windows 11 and Windows 10 devices except Home editions, Windows Server 2019 and newer Virtual Machines running in Azure.
What is a requirement for devices to join an AD DS domain?
Devices must run a supported operating system version; Home editions of Windows do not support joining a domain.
For users, what is the primary benefit of Microsoft Entra join for businesses largely in the cloud?
Users can sign into Windows using accounts created in Microsoft Entra ID and access cloud resources like Microsoft 365.
What user types are typically found in educational institutions regarding Microsoft Entra ID?
Faculty and students.
Fill in the blank: Students’ accounts can be managed in _______.
Microsoft Entra ID.
Why would an organization separate temporary accounts in Microsoft Entra ID?
To manage temporary accounts separately from regular accounts for contractors or seasonal workers.
What is a scenario where Microsoft Entra join could be beneficial?
When most applications and resources used are in the cloud.
What is required for users to join their devices to Microsoft Entra ID?
Users need to enter their Microsoft Entra credentials and accept management policies.
What does Microsoft Entra hybrid join allow?
It allows joining on-premises Active Directory domain-joined devices to Microsoft Entra ID.
Which operating systems are supported for Microsoft Entra hybrid join?
Windows 11, Windows 10, Windows 8.1 except Home editions, Windows Server 2008/R2, 2012/R2, 2016, 2019, and 2022.
True or False: Microsoft Entra hybrid join can be used in a single forest environment synchronized to multiple Microsoft Entra tenants.
False.
What are the 3 reasons to use Microsoft Entra hybrid join?
- To manage Win32 apps that rely on Active Directory machine authentication.
- If you require Group Policy to manage some of your devices.
- If you want to continue to use imaging solutions to configure devices for your employees.
What is the first planning step for Microsoft Entra hybrid join?
Review your environment to determine support for Windows down-level devices.
What management tool can be used for devices registered with Microsoft Entra ID?
Intune.
What is a key limitation of managing devices joined to Microsoft Entra ID?
Devices cannot be managed using Group Policy.
When can users join their devices to Microsoft Entra ID?
During initial Windows setup or by opening system settings later.
What must be configured in the Azure portal for device joining?
Options for joining a device in the Device settings section.
What is a key feature of Microsoft Entra join regarding device access to resources?
Access to cloud-based resources and Azure-based resources using SSO.
What is the Bring Your Own Device (BYOD) concept in relation to Microsoft Entra ID?
Enabling users to join their own devices to the organizational environment to access cloud resources.
What must be configured to join a Windows device in Microsoft Entra tenant?
The device registration service must be configured to enable you to register devices.
What is the maximum number of devices that can be registered?
You must have fewer devices registered than the configured maximum.
If your tenant is federated, what protocol support is required?
Your Identity provider MUST support WS-Fed and WS-Trust username/password endpoint.
What versions of WS-Fed and WS-Trust are acceptable?
Version 1.3 or 2005.
What is the primary purpose of Microsoft Entra join?
Intended for organizations that want to be:
* cloud-first: primarily use cloud services, with a goal to reduce use of an on-premises infrastructure
or
* cloud-only: no on-premises infrastructure
Are there restrictions on the size or type of organizations that can deploy Microsoft Entra join?
No restrictions on the size or type of organizations.
What are the benefits of implementing Microsoft Entra joined devices?
- Single-Sign-On (SSO) to your Azure managed SaaS apps and services.
- Enterprise compliant roaming of user settings across joined devices.
- Windows Hello support
- Restriction of access to apps from only devices that meet compliance policy
- Seamless access to on-premises resources when the device has line of sight to the on-premises domain controller
How does SSO benefit users accessing work resources?
Users don’t see additional authentication prompts.
Does the SSO feature remain accessible when disconnected from the domain network?
Yes, it remains accessible.
What does enterprise compliant roaming of user settings mean?
Users don’t need to connect a Microsoft account to see settings across devices.
What are the reasons to use Microsoft Entra ID for organizations with on-premises infrastructure?
- To transition to cloud-based infrastructure using Microsoft Entra ID and mobile device management.
- Scenarios where you can’t use an on-premises domain join (tablets and phones).
- Users primarily need to access Microsoft 365 or other SaaS apps integrated with Microsoft Entra ID.
- You want to manage a group of users in Microsoft Entra ID instead of in Active Directory.
- You want to provide joining capabilities to workers in remote branch offices with limited on-premises infrastructure.
What primarily manages devices capable of joining AD DS?
Group Policy or Microsoft Configuration Manager applications
What happens when you join a device to Microsoft Entra ID?
Group Policy isn’t available except with Microsoft Entra Domain Services
Can Group Policy manage smartphones and tablets?
No
Does Microsoft Entra ID provide a built-in management mechanism for devices that don’t support Group Policy?
No
Is Microsoft Entra Domain Services enabled by default?
No, it must be manually enabled and configured
What can be configured to manage devices that join Microsoft Entra ID?
Integration between Azure and a mobile device management mechanism such as Intune
What is required for a device to automatically enroll in Intune after joining Microsoft Entra ID?
An active Intune subscription associated with the same Microsoft Entra tenant
What must a user have to join a device to Microsoft Entra ID?
An assigned Intune license
What can be configured in Intune after a device enrolls?
Intune security and configuration policies
How does Intune management differ from Group Policy management?
It doesn’t follow the same logic and has fewer available options
What do Intune management options primarily focus on?
Security and the apps on managed devices
Fill in the blank: Microsoft Entra Domain Services must be _______.
[manually enabled and configured]
True or False: Group Policy can manage all types of devices in Microsoft Entra ID.
False
What is a benefit for using Microsoft Entra ID in an organization that already has Active Directory Domain Services implemented?
1. To remove the need for domain controllers
2. To enable iOS and Android devices to be managed using Group Policy
3. To offer users the ability to use their personal devices to access organizational resources
To offer users the ability to use their personal devices to access organizational resources
With Microsoft Entra join, devices can access resources without the need to join a domain.
What is a benefit from using Microsoft Entra hybrid join?
1. Organizations can apply OS configurations to employee-owned devices
2. To allow continued use of Group Policy to manage domain-joined devices
3. To automatically configure a broad range of older versions of Windows devices
To allow continued use of Group Policy to manage domain-joined devices
Transitioning an organization to Microsoft Entra ID takes time. Hybrid AD join allows continued use of existing Group Policy while leveraging the benefits that Microsoft Entra ID adds.