Manage identity and access

Question 1

What is Microsoft Entra ID?

Answer 1

a cloud based identity and access management service that enables your employees access external resources.

Question 2

Resources that employees can access with Microsoft Entra ID

Answer 2

Microsoft 365
Azure portal
SaaS applications

apps on corporate intranet
cloud apps developed for you own organization

Question 3

Who uses Microsoft Entra ID?

Answer 3

IT admins

App Developers

Microsoft 365, Office 356, Azure, or Dynamics CRM Online subscribers

Question 4

What are Microsoft Entra ID licenses?

Answer 4

add paid features by upgrading to P1 or P2 licenses.

licenses provide self-service, enhanced monitoring, security reporting, and secure access for mobile users

Question 5

T or f

If you subscribe to any Microsoft Online business service, you automatically get access to Microsoft Entra ID Free

Answer 5

True

Question 6

T or F

To enhance your Microsoft Entra implementation, you can also add paid features by upgrading to Microsoft Entra ID P1 or Premium P2 licenses

Answer 6

True

Question 7

T or F

Microsoft Entra paid licenses are built on top of your existing free directory

Answer 7

true

Question 8

Microsoft Entra ID Free

Answer 8

user and group management
on premises directory synchronization
basic reports
self service password change for cloud users
single sign on across Azure
Microsoft 365
many SaaS apps

Question 9

Microsoft Entra ID P1

Answer 9

in addition to the free features -

lets hybrid users access both on premises and cloud resources

supports advanced administration - such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities which allow self-service password reset for your on-premises user

Question 10

Microsoft Entra ID P2

Answer 10

In addition to the Free and P1 features

offers Microsoft Entra ID Protection to help provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed

Question 11

Pay as you go - feature licenses

Answer 11

such as Business-to-Customer (B2C).

B2C can help you provide identity and access management solutions for your customer-facing apps.

Question 12

Which features work in Microsoft Entra ID?

Answer 12

Application management

Authentication

Microsoft Entra ID for developers

B2B

B2C

Conditional Access

Device Management

Domain Services

Enterprise Users

Hybrid Identity

Identity governance

Identity protection

Managed identities for Azure resources

Privileged identity management (PIM)

Monitoring and health

Workload identities

Question 13

T or F

Microsoft Entra ID allows you to create several types of users in your tenant, which provides greater flexibility in how you manage your organization’s users.

Answer 13

true

Question 14

t or f

Global Administrator can create users and assign roles

Answer 14

true

Question 15

t or f

The required role of least privilege varies based on the type of user you’re adding and if you need to assign Microsoft Entra roles at the same time

Answer 15

true

Question 16

Microsoft Entra users:

Task - create a new user.

What is the role?

Answer 16

role - User Administrator

Question 17

Microsoft Entra users:

Task - Invite an external guest

What is the role?

Answer 17

role - Guest Inviter

Question 18

Microsoft Entra users:

Task - Assign Microsoft Entra roles

What is the role?

Answer 18

role - Privileged Role Administrator

Question 19

Type of users

Answer 19

Internal member

internal guest

external member

external guest

Question 20

Internal member

Answer 20

most likely full time employees

Question 21

Internal guest

Answer 21

account in your tenant but have guest level privileges

Question 22

External member

Answer 22

authenticate using an external account but have member access to your tenant.

• common in multitenant organizations

Question 23

External guest

Answer 23

true guest of your tenant who authenticate using an external method and who have guest level privileges

Question 24

t or f

Internal guest and members have credentials in your Microsoft Entra tenant that can be managed by administrators

Answer 24

True

Question 25

T or F

External members authenticate to their home Microsoft

Answer 25

True

Question 26

How to create a new user in Microsoft Entra ID

Answer 26

sign in to the Microsoft Entra admin center as a USER Administrator

Question 27

T or F

With Microsoft Entra you can grant access and permissions to a group of users instead of each individual

Answer 27

True

Question 28

The groups that can’t be managed in the Azure portal

Answer 28

Groups synced from on-premises Microsoft Entra ID can be managed only in on-premises Microsoft Entra ID.

Distribution lists and mail-enabled security groups are managed only in Exchange admin center or Microsoft 365 admin center. You must sign in to Exchange admin center or Microsoft 365 admin center to manage these groups.

Question 29

Microsoft Entra ID lets you use groups to manage access to applications, data, and resources. Resources can be:

Answer 29

Part of the Microsoft Entra organization, such as permissions to manage objects through roles in Microsoft Entra ID

External to the organization, such as for Software as a Service (SaaS) apps

Azure services

SharePoint sites

On-premises resources

Question 30

How many group types are there?

Answer 30

2

Security - used to manage user and computer access to shared resources

Microsoft 365 - provides collaboration opportunities by giving group members access to shared mailbox, calendar, files, SharePoint sites, and more

Question 31

How many group membership types are there?

Answer 31

3

Assigned - Lets you add specific users as members of a group and have unique permissions

Dynamic user - Lets you use dynamic membership rules to automatically add and remove members

Dynamic device - Lets you use dynamic group rules to automatically add and remove devices

Question 32

t of f

Each application, resource, and service that requires access permissions needs to be managed separately.

Answer 32

true

permissions for one may not be the same for the other

Question 33

How access management in Microsoft Entra ID works

Answer 33

Microsoft Entra ID helps you give access to your organization’s resources by providing access rights to a single user or to an entire Microsoft Entra group

Question 34

Ways to assign access rights

Answer 34

Direct assignment
Group assignment
Rule based assignment
External authority assignment

Question 35

T or F

The group owner can let users find their own groups to join, instead of assigning them

Answer 35

True

Question 36

T or F

the owner can set up the group to automatically accept all users that join or to require approval

Answer 36

true

Question 37

Recommend when to use external identities

Answer 37

B2B collaboration - with Microsoft Entra External ID you can invite guest users to collaborate with your organization

Question 38

T or F

With Microsoft Entra B2B, the partner uses their own identity management solution, so there’s no external administrative overhead for your organization

Answer 38

True

The partner uses their own identities and credentials, whether or not they have a Microsoft Entra account.

You don’t need to manage external accounts or passwords.

You don’t need to sync accounts or manage account lifecycles.

Question 39

With B2B collaboration with other Microsoft Entra organizations you can control and manage settings such as

Answer 39

managed inbound and outbound B2B collab

scope access to specific users, group, and applications

MFA

cross tenant access

device claims

Question 40

t or F

You can use external collaboration settings to define who can invite external users, allow or block B2B specific domains, and set restrictions on guest user access to your directory.

Answer 40

True

Question 41

t or f

Use Microsoft cloud settings to establish mutual B2B collaboration between the Microsoft Azure global cloud and Microsoft Azure Government or Microsoft Azure operated by 21Vianet.

Answer 41

True

Question 42

What is self-service sign up

Answer 42

a self-service sign-up user flow, you can create a sign-up experience for external users who want to access your apps

Question 43

t or f

You can delegate guest user management to application owners so that they can add guest users to any app

Answer 43

True

Question 44

t or f

Non-administrators use their Access Panel to add guest users to applications or groups.

Answer 44

true

Question 45

t or f

Administrators set up self-service app and group management.

Answer 45

true

Question 46

how do non administrators add guest users to applications or groups?

Answer 46

Access panel

Question 47

How to customize the onboarding experience for B2B guest users

Answer 47

Use Microsoft Entra entitlement management to configure policies that manage access for external users.

Use the B2B collaboration invitation APIs to customize your onboarding experiences.

Question 48

Integrate with identity providers

Answer 48

external users can sign in with their existing social or enterprise accounts instead of creating a new account just for your application

Question 49

Integrate with SharePoint and OneDrive

Answer 49

to share files, folders, list items, document libraries, and sites with people outside your organization, while using Azure B2B for authentication and management

Question 50

Secure external identities

Answer 50

managed access with Microsoft Entra ID or Microsoft Entra B2C

Question 51

the following capabilities make up External Identities

Answer 51

B2B collab

B2B direct connect

Microsoft Entra B2C

Microsoft Entra multitenant organization

Question 52

B2B collaboration

Answer 52

Collaborate with external users by letting them use their preferred identity to sign in to your Microsoft applications or other enterprise applications

• typically guest users

Question 53

B2B direct connect

Answer 53

Establish a mutual, two-way trust with another Microsoft Entra organization for seamless collaboration

Question 54

Microsoft Enter B2C

Answer 54

Publish modern SaaS apps or custom-developed apps (excluding Microsoft apps) to consumers and customers, while using Microsoft Entra B2C for identity and access management

Question 55

Microsoft Entra multitenant organization

Answer 55

Collaborate with multiple tenants in a single Microsoft Entra organization via cross-tenant synchronization

Question 56

T or F

With B2B collaboration you can invite anyone to sign in to your Microsoft Entra organization using their own credentials

Answer 56

True

Question 57

Ways to add external users to your organization for B2B collaboration

Answer 57

invite users with them using their Microsoft Entra accounts

use self service sign up

Microsoft Entra entitlement management

Question 58

Microsoft Entra Identity protection

Answer 58

helps organizations detect, investigate, and remediate identity based risks

Question 59

Detect risks from?

Answer 59

Active Directory
Microsoft Accounts
gaming - Xbox

Question 60

Identity Protection provides three key reports for administrators to investigate risks and take action:

Answer 60

Risk detections - Each risk detected is reported as a risk detection

Risky sign ins - A risky sign-in is reported when there are one or more risk detections reported for that sign-in.

Risky users - A Risky user is reported when either or both of the following are true:
The user has one or more Risky sign-ins.
One or more risk detections have been reported.

Question 61

Automatic remediation

Answer 61

Risk-based Conditional Access policies can be enabled to require access controls such as providing a strong authentication method, perform multifactor authentication, or perform a secure password reset based on the detected risk level. If the user successfully completes the access control, the risk is automatically remediated.

Question 62

Manual remediation

Answer 62

When user remediation isn’t enabled, an administrator must manually review them in the reports in the portal, through the API, or in Microsoft 365 Defender.

Administrators can perform manual actions to dismiss, confirm safe, or confirm compromise on the risks.

Question 63

making use of the data

Answer 63

Data from Identity Protection can be exported to other tools for archive, further investigation, and correlation.

Question 64

A company wants to collaborate with a vendor outside of their organization. Which capability of Microsoft Entra External ID should they use?

Answer 64

b2b collab

Question 65

An organization wants to enable automatic remediation for identity-based risks detected by Microsoft Entra ID Protection. What access controls can be required based on the detected risk level?

Answer 65

Providing a strong authentication method, performing multifactor authentication, or performing a secure password reset

Question 66

A User Administrator wants to add a new user to their Microsoft Entra ID organization. What steps should they follow?

Answer 66

Sign in to the Azure portal in the User Administrator role, navigate to Microsoft Entra ID Users, and select either Create new user or Invite external user from the menu.

Question 67

A company wants to manage identity and access for external users at scale by automating access request workflows, access assignments, reviews, and expiration. Which feature should they use?

Answer 67

Microsoft Entra entitlement management

Question 68

A company wants to create a sign-up experience for external users who want to access their apps. What options can they provide as part of the sign-up flow?

Answer 68

Providing options for different social or enterprise identity providers.