Manage Microsoft Entra identities Flashcards
What operational model does Microsoft Entra ID follow?
SaaS operational model
What does Microsoft Entra ID lack support for?
Computer objects and management capabilities via Group Policy settings
List 5 admin built-in roles available in Microsoft Entra ID.
- Global Administrator
- Billing Administrator
- Service Administrator
- User Administrator
- Password Administrator
Who is assigned as the Global Administrator by default?
Account Administrator of the subscription hosting the Microsoft Entra instance
What can be delegated in Microsoft Entra ID?
Permissions to applications to act on behalf of users and groups
Which edition of Microsoft Entra ID allows dynamic group membership based on user attributes?
Microsoft Entra ID P1 edition
What features does the Premium P2 edition of Microsoft Entra ID introduce?
- Self-service group management
- Privileged Identity Management (PIM)
How can users access Microsoft Entra applications?
Using the web-based portal, My Apps, at https://myapps.microsoft.com
What is a benefit of using the My Apps portal?
Support for SSO (Single Sign-On)
What three built-in roles does the Azure delegation model utilize?
- Owner
- Contributor
- Reader
What is a limitation of Microsoft Entra ID regarding object arrangement?
Doesn’t include the OU class for hierarchical arrangement
What types of accounts can be used with Microsoft Entra ID?
3
- Organizational account created by tenant administrator
- Account referencing an organizational account in other Microsoft Entra instances
- Microsoft account
What role must you have to manage Microsoft Entra ID?
Global Administrator
Who can sign in to the Azure portal?
Tenant administrator or co-administrator configured by the tenant administrator
What role do tenant administrators and co-administrators automatically receive?
Global Administrator role in the Active Directory instance
What access does the Global Administrator role provide?
Access to all administrative features and settings
What can the Password Administrator role do?
Reset passwords for users and manage service requests
What role can manage billing information in Microsoft Entra ID?
Billing Administrator
Which role can manage user accounts and groups?
User Administrator
Which role is responsible for managing compliance settings?
Compliance Administrator
What is the default role in Microsoft Entra ID?
User
Which security roles can be configured using Privileged Identity Management?
- Security reader
- Security administrator
What can you manage using the Entra portal?
Microsoft Entra users, groups, and devices
This includes adding users to a directory and groups.
What are the two types of user accounts you can create on the Entra portal?
- Member users
- Guest users
Member users are managed by your Microsoft Entra tenant, while guest users are not.
What are member users?
Accounts that your Microsoft Entra tenant manages
Member users are the most commonly created user type.
What are guest users?
Accounts that your Microsoft Entra tenant doesn’t manage, but to which permissions are assigned
Guest users can be members from another Microsoft Entra tenant or a Microsoft account.
How are guest user accounts often created?
Automatically when users share content with external users
For example, sharing a OneDrive file creates a guest user account.
What are the two ways to create and manage users?
- As cloud identities using Microsoft Entra ID
- As directory-synchronized identities using an on-premises directory service
The second method requires synchronization software.
What is the quickest method to create users in Microsoft Entra?
As cloud identities using only Microsoft Entra ID
This method is straightforward.
What does the directory-synchronized identity method involve?
Using an on-premises directory service to synchronize with Microsoft Entra ID
This method is more complex due to synchronization software.
What does the Azure portal provide for user management?
A simple web interface for creating and managing users, groups, and devices
This interface simplifies the management process.
What do Microsoft Entra groups streamline?
Access management
What happens when directory synchronization is enabled?
On-premises AD DS groups can be synchronized to Microsoft Entra ID
What remains consistent between AD DS and Microsoft Entra ID?
Group membership
What type of management is used if directory synchronization isn’t in place?
Cloud-based group management
What are the two primary types of groups in Microsoft Entra ID?
- Security
- Microsoft 365
What is the purpose of a security group in Microsoft Entra ID?
To manage resource access
How does managing a security group affect access?
It indirectly manages access based on group membership
Are Microsoft Entra security groups mail-enabled?
No
What services do Microsoft 365 groups facilitate access management for?
- Microsoft Teams
- SharePoint
- Outlook
What is a characteristic of Microsoft 365 groups?
They are mail-enabled
How do you create a group in Azure?
Navigate to Microsoft Entra ID > Groups > New group on the Azure portal
What options can you specify when creating a group in Azure?
- Group type
- Name
- Description
What type of membership can be assigned to a cloud-based group?
- Assigned
- Dynamic
What does assigned membership require?
Manual addition and removal of group members
What is a characteristic of dynamic membership?
Members are based on a query of Microsoft Entra objects
On what can dynamic membership be based?
- Single attribute
- Advanced membership rule with multiple attributes
When creating a group with dynamic membership, what must you select?
Whether it’s for users or devices
Which Microsoft 365 feature uses user-based groups?
Many features
Which service uses device-based groups?
Intune
What happens to groups from on-premises AD DS with dynamic membership?
They don’t synchronize with Microsoft Entra ID
What is the purpose of directory synchronization between Microsoft Entra ID and on-premises AD DS?
To enable user, group, and contact synchronization between on-premises Active Directory and Microsoft Entra ID.
What component is installed to perform directory synchronization?
A directory synchronization component on a server in your on-premises domain.
With Microsoft Entra ID Free or Basic, what is the direction of the synchronization flow?
From local AD DS to Microsoft Entra ID.
What additional capability is provided by Microsoft Entra ID P1 or P2 regarding synchronization?
The ability to replicate some attributes from Microsoft Entra ID to Active Directory DS.
What is Microsoft Entra Connect used for?
To perform directory synchronization between Microsoft Entra ID and AD DS.
What are the default settings for Microsoft Entra Connect?
Synchronizes all users and groups.
What filtering options are available for directory synchronization?
- OU
- Domain
- User attributes
- Applications
What happens when a user identity is synchronized without the password?
The cloud-based user account will have a separate unique password.
What is the benefit of enabling password synchronization?
Allows users to authenticate using the same credentials.
What is pass-through authentication?
Microsoft Entra ID verifies that the user is valid and passes the authentication request to Microsoft Entra Connect.
What advantage do federated identities provide?
Claims-based authentication that multiple cloud-based apps can use.
What permissions are required when installing Microsoft Entra Connect?
Local Administrator on the installation computer, enterprise administrators group for local AD DS, global administrator for Microsoft Entra ID.
What is necessary for the computer running Microsoft Entra Connect to communicate with Microsoft Entra ID?
The computer must have internet access, possibly requiring proxy server configuration.
Where must Microsoft Entra Connect be installed?
On a domain member.
Which installation option is typically used for organizations synchronizing a single AD DS forest?
Express settings.
What does selecting express settings during Entra Connect installation include?
- SQL Server Express installed
- All identities in the forest synchronized
- All attributes synchronized
- Password synchronization enabled
- Initial synchronization performed immediately
- Automatic upgrade enabled
What options can be enabled during Entra Connect custom settings installation?
- Pass-through authentication
- Federation with AD FS
- Select an attribute for matching existing cloud-based users
- Filtering based on OUs or attributes
- Exchange hybrid
- Password, group, or device writeback
What occurs after deploying Microsoft Entra Connect with respect to new objects?
New user, group, and contact objects in on-premises Active Directory are added to Microsoft Entra ID.
What happens to modified attributes of existing objects in on-premises Active Directory?
They are modified in Microsoft Entra ID.
What occurs when existing user objects are disabled on-premises?
They are disabled in Azure, but licenses aren’t automatically unassigned.