Managing Azure AD Objects

Question 1

What are security groups used for?

Answer 1

Security groups are used to manage member and computer access to shared resources.

Question 2

What are Microsoft 365 groups?

Answer 2

M365 groups facilitate collaboration opportunities.

Question 3

What is the difference between manually assigning and dynamically assigning a user or device to a group?

Answer 3

Using the manual assignment option requires the admin to manually specify which users or devices should be members of a group. Dynamic User assignment allows you to define dynamic membership rules that will automatically add or remove group members.

Question 4

Who can create and delete user accounts in the Azure portal?

Answer 4

Only Global Administrators or User Administrators can create and delete user accounts in the Azure portal.

Question 5

What type of file is used to perform bulk operations?

Answer 5

CSV (Comma separated values) file

Question 6

How many guest users can be invited for every Azure AD license?

Answer 6

5

Question 7

What capabilities do guest users have access to?

Answer 7

Guest users have access to the capabilities that come with the license under which they were invited. If a guest was invited under a free license, they could potentially have access to the capabilities included in the free license agreement. Guests invited under a Premium P1 license could potentially have access to capabilities included in the P1 license agreement.

Question 8

What is an Azure AD administrative unit?

Answer 8

An Azure AD resource that can be a container for other Azure AD resources. They allow you to divvy up roles and responsibilities when you have several independent divisions. They can be used to restrict administrative scopes. They can only contain users, groups, or devices.

Question 9

Who can manage administrative units?

Answer 9

Only Global Admins and Privileged Role Administrators.

Question 10

Where can you find a quick snapshot of stale devices, noncompliant devices, unmanaged devices as well as total number of devices?

Answer 10

Devices | Overview page

Question 11

True or False:
A cloud identity can only be for user accounts defined in your Azure AD organization.

Answer 11

False

Question 12

__________ are used to manage user and computer access to resources for groups of users or devices.

Answer 12

Security groups

Question 13

True or False:
Administrative Units allow you to divvy up roles and responsibilities when you have several independent divisions.

Answer 13

True

Question 14

True or False:
Being an Intune Administrator allows you to delete devices in Azure AD.

Answer 14

True
To delete a device, you must be a Cloud Device Administrator, Intune Administrator, Windows 365 Administrator, or Global Administrator in Azure AD.

Question 15

The ______________ setting allows you to choose which users can register their devices as Azure AD joined devices.

Answer 15

Users may join devices to Azure AD