Skill 1.1 Flashcards
how are Cloud-only users created and maanged
IN Azure AD
Who can create new users
A Global Administrator or a User Administrator
What are mandatory objects when creating a new user
username and the user’s name
What can groups contain
groups, users, devices, or service principles
What do Security Groups allow you to do
to share Azure resource access to a group of users, devices or service principles
What does an office 365 group allow
access to a shared mailbox, calendar, sharepoint site and so on
What are the group membership types
Assigned
Dynamic Users
Dynamic Device
Assigned group membership type
Allows you to add and remove users manually
Dynamic User
Allows you to use dynamic group rules to automatically add or remove members
Dynamic Device
Allows you to use dynamic group rules to automatically add and remove devices
What license do dynamic groups require
Azure AD Premium P1
True or false: you can change the membership type of a group after it has been created
True
What are the ways to manage devices
Browsing to your Azure AD tenant and selecting devices
Through the devices blade for an individual user
Who can enable and disble individual devices
Global Administrator
What does disabling a device do
prevents it from accessing your Azure AD resources and remove all details that are attached
What are the steps to upload users in bulk
- Download the CSV template
- Edit the CSV with bulk update values
- Upload the CSV and submit the operation
Who can invite a guest
All Azure users and admins
What does Azure AD join do
Allows you to control devices, applications installed on them and accessed from them, and how those applications interact with you corporate data
What three options does associating a device with Azure AD give you
o Registering a device – Appropriate for personal devices
o Registering a device – Appropriate for personal devices
o Hybrid AD joined – Devices that are joined to your on-premises AD and are registered with your Azure AD tenant.
What does associating a device with Azure AD allow you to manage
a devices identity such as the SSO, and securing access using conditional access
Can registration of Azure Devices be combined with MDM solutions
Yes
What is non-hybrid azure join used for
Windows 10 pro and enterprise devices
What can Hybrid Azure AD join be used for
Windows 10, Windows 2016, Windows 7, Windows 8.1, Windows 2008, Windows 2008 R2, Windows 2012, and Windows 2012 R2
What are SSPR license requirements
Password Change
Password Reset
Password Change/Unlock, Reset
How many authentication methods are required for SSPR by default
2
What are the categories of Azure Roles
Azure AD-Specific Roles
Service Specific Roles
Cross-service Roles
What are Azure AD-Specific Roles
Grant permissions to manage resources within Azure AD only
What are Azure Service Specific Roles
For major Microsoft 365 Services (Non-Azure AD)
What are Azure Cross Service Roles
Roles that span services. Global Administrator and Global Reader
Azure AD free License
User and group management,
on-premises directory synchronization,
basic reports,
self-service password changes,
SSO across Azure,
Office 365 and popular Azure Apps
Azure AD Premium 1 License
Lets hybrid users access both on-premises and cloud resources.
Also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager, and cloud write-back capabilities
Azure AD Premium 2 License
Offers Azure Active directory identity protections to help provide risk based Conditional ACccess to your apps and critical company data and privileged identity management to help discover restrict and monitor administrators.
What are built in roles used for within Azure AD administrative units
to delegate permissions
What cna be used to create and update Azure AD groups
Azure CLI
What should be specified for each new guest account
Email Address