Managing Azure AD User Roles Flashcards
What are the key elements of RBAC (Role-Based Access Control)?
The key elements of RBAC are security principles, role definitions, scopes, and role assignments.
What are security principles in RBAC?
Security principles are objects that represent users, groups, service principals, or managed identities that request access to Azure resources.
What is a role definition in RBAC?
A role definition refers to a set of permissions or operations that can be performed. It defines the level of access for a particular role.
What are the four fundamental built-in roles in Azure RBAC?
The four fundamental built-in roles in Azure RBAC are Owner, Contributor, Reader, and User Access Administrator.
What is the purpose of scope in RBAC?
Scope refers to a set of resources to which a role’s access applies. It defines the level at which the permissions are granted, such as management groups, subscriptions, resource groups, or individual resources.
What is a role assignment in RBAC?
A role assignment attaches a role definition to a security principal at a specific scope, providing the necessary access to Azure resources.
How can access be revoked in RBAC?
Access can be revoked by removing the role assignment associated with a security principal.
What are Azure AD Administrator roles used for?
Azure AD Administrator roles are used to manage Azure AD resources, create/edit users, assign admin roles, reset passwords, manage domains, and licenses.
What is the role of a Global Administrator?
The Global Administrator manages all administrative features in Azure AD and federated services, assigns admin roles, and resets passwords.
What do Azure RBAC roles control?
Azure RBAC roles control permissions for managing Azure resources.
Can Azure AD administrator roles be customized?
No, Azure AD administrator roles are predefined and cannot be customized. However, Azure RBAC roles can be customized.
What is the User Access Administrator role?
The User Access Administrator role is granted to Global Admins who activate the “Global Admin can manage Azure Subscriptions and Management Groups” switch, allowing them to grant access to Azure resources.
How can role information for Azure RBAC roles be accessed?
Role information for Azure RBAC roles can be accessed through the Azure Portal, Azure CLI, PowerShell, Resource Manager Templates, and REST API.
How can role information for Azure AD administrator roles be accessed?
Role information for Azure AD administrator roles is accessed through the Azure Admin Portal, Microsoft 365 Admin Center, Microsoft Graph, and Azure AD PowerShell.
Where can you find MFA settings in the Azure Portal?
MFA settings can be found in the Service Settings section of Azure Active Directory.
How can you configure app password settings?
App password settings can be configured in the Service Settings page under the App Passwords feature.
What does the Trusted IPs feature in MFA settings allow?
The Trusted IPs feature allows bypassing two-step verification for users signing in from specified IP addresses, such as the company intranet.
Can Trusted IPs bypass two-step verification in the free version of Azure Multi-Factor Authentication
No, Trusted IPs bypass is only available in the full version of Azure Multi-Factor Authentication.