Managing Azure AD User Roles

Question 1

What are the key elements of RBAC (Role-Based Access Control)?

Answer 1

The key elements of RBAC are security principles, role definitions, scopes, and role assignments.

Question 2

What are security principles in RBAC?

Answer 2

Security principles are objects that represent users, groups, service principals, or managed identities that request access to Azure resources.

Question 3

What is a role definition in RBAC?

Answer 3

A role definition refers to a set of permissions or operations that can be performed. It defines the level of access for a particular role.

Question 4

What are the four fundamental built-in roles in Azure RBAC?

Answer 4

The four fundamental built-in roles in Azure RBAC are Owner, Contributor, Reader, and User Access Administrator.

Question 5

What is the purpose of scope in RBAC?

Answer 5

Scope refers to a set of resources to which a role’s access applies. It defines the level at which the permissions are granted, such as management groups, subscriptions, resource groups, or individual resources.

Question 6

What is a role assignment in RBAC?

Answer 6

A role assignment attaches a role definition to a security principal at a specific scope, providing the necessary access to Azure resources.

Question 7

How can access be revoked in RBAC?

Answer 7

Access can be revoked by removing the role assignment associated with a security principal.

Question 8

What are Azure AD Administrator roles used for?

Answer 8

Azure AD Administrator roles are used to manage Azure AD resources, create/edit users, assign admin roles, reset passwords, manage domains, and licenses.

Question 9

What is the role of a Global Administrator?

Answer 9

The Global Administrator manages all administrative features in Azure AD and federated services, assigns admin roles, and resets passwords.

Question 10

What do Azure RBAC roles control?

Answer 10

Azure RBAC roles control permissions for managing Azure resources.

Question 11

Can Azure AD administrator roles be customized?

Answer 11

No, Azure AD administrator roles are predefined and cannot be customized. However, Azure RBAC roles can be customized.

Question 12

What is the User Access Administrator role?

Answer 12

The User Access Administrator role is granted to Global Admins who activate the “Global Admin can manage Azure Subscriptions and Management Groups” switch, allowing them to grant access to Azure resources.

Question 13

How can role information for Azure RBAC roles be accessed?

Answer 13

Role information for Azure RBAC roles can be accessed through the Azure Portal, Azure CLI, PowerShell, Resource Manager Templates, and REST API.

Question 14

How can role information for Azure AD administrator roles be accessed?

Answer 14

Role information for Azure AD administrator roles is accessed through the Azure Admin Portal, Microsoft 365 Admin Center, Microsoft Graph, and Azure AD PowerShell.

Question 15

Where can you find MFA settings in the Azure Portal?

Answer 15

MFA settings can be found in the Service Settings section of Azure Active Directory.

Question 16

How can you configure app password settings?

Answer 16

App password settings can be configured in the Service Settings page under the App Passwords feature.

Question 17

What does the Trusted IPs feature in MFA settings allow?

Answer 17

The Trusted IPs feature allows bypassing two-step verification for users signing in from specified IP addresses, such as the company intranet.

Question 18

Can Trusted IPs bypass two-step verification in the free version of Azure Multi-Factor Authentication

Answer 18

No, Trusted IPs bypass is only available in the full version of Azure Multi-Factor Authentication.

Question 19

Where can you configure the available verification methods for end users?

Answer 19

The available verification methods for end users can be configured in the MFA settings under Service Settings.

Question 20

What does the “Remember Multi-Factor Authentication” option do?

Answer 20

The “Remember Multi-Factor Authentication” option allows users to bypass subsequent verifications for a set number of days after a successful MFA sign-in on a device.

Question 21

What are the two main components of reporting in Azure Active Directory?

Answer 21

The two main components are activity reporting and security reporting.

Question 22

What type of information does the activity reporting component provide?

Answer 22

The activity reporting component provides information about sign-ins, audit logs, managed application usage, and user/group management activities.

Question 23

What does the security reporting component focus on?

Answer 23

The security reporting component focuses on risky sign-ins and user accounts flagged as a risk.

Question 24

Who can access the sign-in activity reports in Azure Active Directory?

Answer 24

Users assigned the security administrator, security reader, report reader, or global administrator roles can access the sign-in activity reports. Users can also access their own sign-ins.

Question 25

What license is required to view the sign-in activity reports?

Answer 25

An Azure AD Premium license is required to view the sign-in activity reports.

Question 26

What information is displayed in the default view of the sign-ins report?

Answer 26

The default view displays the sign-in date, related user, application, sign-in status, risk detection status, and multi-factor authentication requirement status.

Question 27

How can the view of the sign-ins report be customized?

Answer 27

The view can be customized by clicking on “columns” in the toolbar.

Question 28

Can the sign-ins report display non-interactive sign-ins?

Answer 28

No, the sign-ins report only displays interactive sign-ins where users manually sign in using their username and password.

Question 29

What is the purpose of Azure Active Directory monitoring?

Answer 29

Azure Active Directory monitoring allows administrators to route activity logs to different endpoints and integrate them with third-party Security Information and Event Management (SIEM) tools.

Question 30

What are the options for routing Azure AD activity logs?

Answer 30

Azure AD activity logs can be routed to an Azure storage account, an Azure event hub, or an Azure Log Analytics workspace.

Question 31

What can administrators do with the routed logs?

Answer 31

Administrators can retain the logs for long-term use, integrate them with third-party SIEM tools such as Splunk and Sumo Logic, analyze the data, create dashboards, and set up alerts for specific events.

Question 32

How can the integrated logs be utilized?

Answer 32

The integrated logs can be analyzed, visualized, and monitored using the capabilities of the third-party SIEM tools or Azure services like Log Analytics.

Question 33

What are some benefits of integrating Azure AD activity logs with third-party SIEM tools?

Answer 33

Integrating Azure AD activity logs with third-party SIEM tools allows for centralized log management, advanced analytics, correlation with other security events, and the ability to create custom alerts and dashboards.

Question 34

What can administrators do with Azure MFA in the cloud?

Answer 34

Administrators can manage user and device settings for Azure Multi-Factor Authentication, such as requiring users to re-provide their contact methods, deleting app passwords, and enabling MFA on all trusted devices.

Question 35

What happens when users are required to re-provide their contact methods?

Answer 35

Requiring users to re-provide their contact methods forces them to complete the MFA registration process again. Non-browser apps that the user has access to will still work, but app passwords associated with those apps will need to be deleted.

Question 36

How can administrators delete a user’s app passwords?

Answer 36

Administrators can delete a user’s app passwords by selecting the option to delete all existing app passwords generated by the selected users. After deleting app passwords, non-browser apps associated with those passwords will stop working until new app passwords are created.

Question 37

What is the purpose of allowing users to mark devices as trusted?

Answer 37

Allowing users to mark devices as trusted allows them to opt out of two-step verification for a set number of days on their regular devices, providing a more streamlined sign-in experience.

Question 38

How can administrators remove the trusted status and require two-step verification again for a device?

Answer 38

By checking the box for “restore Multi-Factor Authentication on all remembered devices,” administrators can remove the trusted status and require two-step verification again. Users will be challenged to perform two-step verification the next time they sign in, regardless of whether they marked their device as trusted.

Question 39

What are some of the reports available for Azure MFA usage?

Answer 39

The reports available for Azure MFA usage include the block user history report, the usage and fraud alerts report, usage for on-prem components, bypassed user history, and server status.

Question 40

Which reports are specific to the on-prem MFA server offering?

Answer 40

The blocked user history report, the usage for on-prem components report, the bypassed user history report, and the server status report are specific to the on-prem MFA server offering.

Question 41

What information does the block user history report provide?

Answer 41

The block user history report shows the history of user block and user unblock requests.

Question 42

What does the usage and fraud alerts report show?

Answer 42

The usage and fraud alerts report provides information on overall usage, user summary, user details, and a history of fraud alerts that were submitted during the specified date range.

Question 43

What does the usage report for on-prem components provide?

Answer 43

The usage report for on-prem components provides information on the overall usage of MFA through the NPS extension ADFS and the MFA server.

Question 44

What does the bypassed user history report show?

Answer 44

The bypassed user history report shows the history of requests to bypass multi-factor authentication for a user.

Question 45

What does the server stats report show?

Answer 45

The server stats report shows the status of multi-factor authentication servers associated with the account.