Managing Azure AD User Roles Flashcards

1
Q

What are the key elements of RBAC (Role-Based Access Control)?

A

The key elements of RBAC are security principals, role definitions, scopes, and role assignments.

2
Q

What are security principals in RBAC?

A

Security principals are objects that represent users, groups, service principals, or managed identities that request access to Azure resources.

3
Q

What is a role definition in RBAC?

A

A role definition refers to a set of permissions or operations that can be performed. It defines the level of access for a particular role.

4
Q

What are the four fundamental built-in roles in Azure RBAC?

A

The four fundamental built-in roles in Azure RBAC are Owner, Contributor, Reader, and User Access Administrator.

5
Q

What is the purpose of scope in RBAC?

A

Scope refers to a set of resources to which a role’s access applies. It defines the level at which the permissions are granted, such as management groups, subscriptions, resource groups, or individual resources.

6
Q

What is a role assignment in RBAC?

A

A role assignment attaches a role definition to a security principal at a specific scope, providing the necessary access to Azure resources.

7
Q

How can access be revoked in RBAC?

A

Access can be revoked by removing the role assignment associated with a security principal.

8
Q

What are Azure AD Administrator roles used for?

A

Azure AD Administrator roles are used to manage Azure AD resources: create and edit users, assign admin roles, reset passwords, and manage domains and licenses.

9
Q

What is the role of a Global Administrator?

A

The Global Administrator manages all administrative features in Azure AD and federated services, assigns admin roles, and resets passwords.

10
Q

What do Azure RBAC roles control?

A

Azure RBAC roles control permissions for managing Azure resources.

11
Q

Can Azure AD administrator roles be customized?

A

No, Azure AD administrator roles are predefined and cannot be customized. However, Azure RBAC roles can be customized.

12
Q

What is the User Access Administrator role?

A

The User Access Administrator role is granted to Global Admins who activate the “Global Admin can manage Azure Subscriptions and Management Groups” switch, allowing them to grant access to Azure resources.

13
Q

How can role information for Azure RBAC roles be accessed?

A

Role information for Azure RBAC roles can be accessed through the Azure Portal, Azure CLI, PowerShell, Resource Manager Templates, and REST API.

14
Q

How can role information for Azure AD administrator roles be accessed?

A

Role information for Azure AD administrator roles is accessed through the Azure Admin Portal, Microsoft 365 Admin Center, Microsoft Graph, and Azure AD PowerShell.

15
Q

Where can you find MFA settings in the Azure Portal?

A

MFA settings can be found in the Service Settings section of Azure Active Directory.

16
Q

How can you configure app password settings?

A

App password settings can be configured in the Service Settings page under the App Passwords feature.

17
Q

What does the Trusted IPs feature in MFA settings allow?

A

The Trusted IPs feature allows bypassing two-step verification for users signing in from specified IP addresses, such as the company intranet.

18
Q

Can Trusted IPs bypass two-step verification in the free version of Azure Multi-Factor Authentication?

A

No, Trusted IPs bypass is only available in the full version of Azure Multi-Factor Authentication.

19
Q

Where can you configure the available verification methods for end users?

A

The available verification methods for end users can be configured in the MFA settings under Service Settings.

20
Q

What does the “Remember Multi-Factor Authentication” option do?

A

The “Remember Multi-Factor Authentication” option allows users to bypass subsequent verifications for a set number of days after a successful MFA sign-in on a device.

21
Q

What are the two main components of reporting in Azure Active Directory?

A

The two main components are activity reporting and security reporting.

22
Q

What type of information does the activity reporting component provide?

A

The activity reporting component provides information about sign-ins, audit logs, managed application usage, and user/group management activities.

23
Q

What does the security reporting component focus on?

A

The security reporting component focuses on risky sign-ins and user accounts flagged as a risk.

24
Q

Who can access the sign-in activity reports in Azure Active Directory?

A

Users assigned the security administrator, security reader, report reader, or global administrator roles can access the sign-in activity reports. Users can also access their own sign-ins.

25
Q

What license is required to view the sign-in activity reports?

A

An Azure AD Premium license is required to view the sign-in activity reports.

26
Q

What information is displayed in the default view of the sign-ins report?

A

The default view displays the sign-in date, related user, application, sign-in status, risk detection status, and multi-factor authentication requirement status.

27
Q

How can the view of the sign-ins report be customized?

A

The view can be customized by clicking on “columns” in the toolbar.

28
Q

Can the sign-ins report display non-interactive sign-ins?

A

No, the sign-ins report only displays interactive sign-ins where users manually sign in using their username and password.

29
Q

What is the purpose of Azure Active Directory monitoring?

A

Azure Active Directory monitoring allows administrators to route activity logs to different endpoints and integrate them with third-party Security Information and Event Management (SIEM) tools.

30
Q

What are the options for routing Azure AD activity logs?

A

Azure AD activity logs can be routed to an Azure storage account, an Azure event hub, or an Azure Log Analytics workspace.

31
Q

What can administrators do with the routed logs?

A

Administrators can retain the logs for long-term use, integrate them with third-party SIEM tools such as Splunk and Sumo Logic, analyze the data, create dashboards, and set up alerts for specific events.

32
Q

How can the integrated logs be utilized?

A

The integrated logs can be analyzed, visualized, and monitored using the capabilities of the third-party SIEM tools or Azure services like Log Analytics.

33
Q

What are some benefits of integrating Azure AD activity logs with third-party SIEM tools?

A

Integrating Azure AD activity logs with third-party SIEM tools allows for centralized log management, advanced analytics, correlation with other security events, and the ability to create custom alerts and dashboards.

34
Q

What can administrators do with Azure MFA in the cloud?

A

Administrators can manage user and device settings for Azure Multi-Factor Authentication, such as requiring users to re-provide their contact methods, deleting app passwords, and enabling MFA on all trusted devices.

35
Q

What happens when users are required to re-provide their contact methods?

A

Requiring users to re-provide their contact methods forces them to complete the MFA registration process again. Non-browser apps that the user has access to will still work, but app passwords associated with those apps will need to be deleted.

36
Q

How can administrators delete a user’s app passwords?

A

Administrators can delete a user’s app passwords by selecting the option to delete all existing app passwords generated by the selected users. After deleting app passwords, non-browser apps associated with those passwords will stop working until new app passwords are created.

37
Q

What is the purpose of allowing users to mark devices as trusted?

A

Allowing users to mark devices as trusted allows them to opt out of two-step verification for a set number of days on their regular devices, providing a more streamlined sign-in experience.

38
Q

How can administrators remove the trusted status and require two-step verification again for a device?

A

By checking the box for “restore Multi-Factor Authentication on all remembered devices,” administrators can remove the trusted status and require two-step verification again. Users will be challenged to perform two-step verification the next time they sign in, regardless of whether they marked their device as trusted.

39
Q

What are some of the reports available for Azure MFA usage?

A

The reports available for Azure MFA usage include the block user history report, the usage and fraud alerts report, usage for on-prem components, bypassed user history, and server status.

40
Q

Which reports are specific to the on-prem MFA server offering?

A

The blocked user history report, the usage for on-prem components report, the bypassed user history report, and the server status report are specific to the on-prem MFA server offering.

41
Q

What information does the block user history report provide?

A

The block user history report shows the history of user block and user unblock requests.

42
Q

What does the usage and fraud alerts report show?

A

The usage and fraud alerts report provides information on overall usage, user summary, user details, and a history of fraud alerts that were submitted during the specified date range.

43
Q

What does the usage report for on-prem components provide?

A

The usage report for on-prem components provides information on the overall usage of MFA through the NPS extension, ADFS, and the MFA server.

44
Q

What does the bypassed user history report show?

A

The bypassed user history report shows the history of requests to bypass multi-factor authentication for a user.

45
Q

What does the server stats report show?

A

The server stats report shows the status of multi-factor authentication servers associated with the account.