Understand Entra ID Flashcards
A project manager is setting up a new project that includes members from different departments. The project manager wants to ensure that project team members can collaborate and have shared access to a mailbox, calendar, files, and the project’s SharePoint site.
Which Microsoft Entra feature can the project manager use to accommodate this requirement, without having to involve an administrator?
Microsoft 365 group
An organization has completed a full migration to the cloud and has purchased devices for all its employees. All employees sign in to the device through an organizational account configured in Microsoft Entra ID.
Select the option that best describes how these devices are set up in Microsoft Entra ID
- These devices are set up as Microsoft Entra registered
- These devices are set up as Microsoft Entra joined
- These devices are set up as Microsoft Entra hybrid joined
Microsoft Entra joined device
is a device joined to Microsoft Entra ID through an organizational account, which is then used to sign in to the device.
A developer wants an application to connect to Azure resources that support Microsoft Entra authentication, without having to manage any credentials and without incurring any extra cost.
Which option best describes the identity type of the application?
* Service principal
* Managed identity
* Hybrid identity
**Managed identities **
They are a type of service principal that are automatically managed in Microsoft Entra ID and eliminate the need for developers to manage credentials.
What is MS ENTRA?
Product family that covers all ID and access management within M365
Name the 3 ID models for M365
- Cloud ID
- Hybrid ID
- Federated ID
What are security groups?
Security groups are used for granting access to Microsoft 365 resources, such as SharePoint sites.
They can make administration easier because you need only administer the group rather than adding users to each resource individually.
Security groups can contain users or devices. Creating a security group for devices can be used with mobile device management services, such as Microsoft Intune.
Security groups can be configured for dynamic membership in Microsoft Entra ID, allowing group members or devices to be added or removed automatically based on user attributes such as department, location, or title; or device attributes such as operating system version.
Security groups can be added to a team.
Microsoft 365 Groups can’t be members of security groups.
What are 365 groups ?
Microsoft 365 Groups are used for collaboration between users, both inside and outside your company.
With each Microsoft 365 group, members get a group email and shared workspace for conversations, files, and calendar events, Stream, and a Planner. Microsoft 365 Groups can also be connected to Teams or Viva Engage.
You can add people from outside your organization to a group as long as this has been enabled by the administrator. You can also allow external senders to send email to the group email address.
Microsoft 365 Groups can be configured for dynamic membership in Microsoft Entra ID, allowing group members to be added or removed automatically based on user attributes such as department, location, title, etc.
Microsoft 365 Groups support nesting through dynamic groups in Microsoft Entra ID.
Microsoft 365 Groups can be added to one of the three SharePoint groups (Owners, Members, or Visitors) to give people permissions to the site.
Microsoft Entra ID is a:
* IaaS
* SaaS
* PaaS
PaaS
What is Microsoft Entra ID designed for?
Multi-tenant isolation between individual directory instances
Microsoft Entra ID is the world’s largest multi-tenant directory.
From a technical standpoint, what does ‘tenant’ represent?
An individual Microsoft Entra instance
Why might having multiple Microsoft Entra tenants be convenient?
To test Microsoft Entra functionality in one tenant without affecting the others
What allows you to grant permissions to resources in an Azure subscription?
Association with a Microsoft Entra tenant
What is the default DNS domain name assigned to each Microsoft Entra tenant?
A unique prefix followed by onmicrosoft.com
What is the prefix of the default DNS domain name derived from?
The name of the Microsoft account used to create an Azure subscription or provided explicitly during tenant creation
Is it possible to add custom domain names to a Microsoft Entra tenant?
Yes, adding at least one custom domain name is common
What role does the Microsoft Entra tenant serve?
Security boundary and container for Microsoft Entra objects
What types of objects can a Microsoft Entra tenant contain?
- Users
- Groups
- Applications
Can a single Microsoft Entra tenant support multiple Azure subscriptions?
Yes
What is a notable difference between the Microsoft Entra schema and AD DS?
The Microsoft Entra schema contains fewer object types, notably lacking a definition for the computer class.
What class does the Microsoft Entra schema include that is absent in AD DS?
The device class.
What is a key feature of the Microsoft Entra schema regarding extensions?
The extensions of the Microsoft Entra schema are easily extensible and fully reversible.
Can Microsoft Entra ID manage computers using traditional techniques like Group Policy Objects?
No, the lack of support for traditional computer domain membership prevents this.
What does Microsoft Entra ID primarily provide?
Directory services, storing and publishing user, device, and application data, and handling authentication and authorization.
What cloud service relies on Microsoft Entra ID as its identity provider?
Microsoft 365.
What class is not included in Microsoft Entra ID that is often used in on-premises AD DS deployments?
The organizational unit (OU) class.
Why is the lack of organizational units (OUs) in Microsoft Entra ID not considered a significant shortcoming?
OUs in AD DS are primarily used for Group Policy scoping and delegation, they can be accomplished in Entra by organizing objects based on group membership.
What do objects of the Application and servicePrincipal classes represent in Microsoft Entra ID?
Applications.
What does an object in the Application class contain?
An application definition.
What constitutes an instance of an application in the current Microsoft Entra tenant?
An object in the servicePrincipal class.
What is the benefit of separating application definitions and service principal objects?
It allows defining an application in one tenant and using it across multiple tenants.
What action does Microsoft Entra ID perform when you register an application in a tenant?
It creates the service principal object for the application in that Microsoft Entra tenant.
What is Active Directory Domain Services (ADDS)?
AD DS is the traditional deployment of Windows Server-based Active Directory on a physical or virtual server.
What components are included in the Windows Active Directory suite of technologies?
- Active Directory Certificate Services (AD CS)
- Active Directory Lightweight Directory Services (AD LDS)
- Active Directory Federation Services (AD FS)
- Active Directory Rights Management Services (AD RMS)
What type of structure does AD DS have?
AD DS has a hierarchical X.500-based structure.
What protocol does AD DS use for locating resources?
AD DS uses Domain Name System (DNS) for locating resources such as domain controllers.
How can you query and manage AD DS?
You can query and manage AD DS by using Lightweight Directory Access Protocol (LDAP) calls.
What protocol does AD DS primarily use for authentication?
AD DS primarily uses the Kerberos protocol for authentication.
What management structures does AD DS utilize?
AD DS uses OUs and GPOs for management.
What do computer objects in AD DS represent?
Computer objects represent computers that join an Active Directory domain.
How does AD DS facilitate delegated management between domains?
AD DS uses trusts between domains for delegated management.
Can you deploy AD DS on an Azure virtual machine?
Yes, you can deploy AD DS on an Azure virtual machine to enable scalability and availability for an on-premises AD DS.
Does deploying AD DS on an Azure virtual machine utilize Microsoft Entra ID?
No, deploying AD DS on an Azure virtual machine doesn’t make any use of Microsoft Entra ID.
What is the primary function of Microsoft Entra ID?
Identity solution designed for internet-based applications
What communication protocols does Microsoft Entra ID use?
HTTP (port 80) and HTTPS (port 443)
What type of directory service is Microsoft Entra ID?
Multi-tenant directory service
How are users and groups structured in Microsoft Entra ID?
Flat structure without OUs or GPOs
Can Microsoft Entra ID be queried using LDAP?
No, it uses REST API over HTTP and HTTPS
What authentication methods does Microsoft Entra ID employ?
SAML, WS-Federation, and OpenID Connect
What authorization protocol is used by Microsoft Entra ID?
OAuth
Does Microsoft Entra ID use Kerberos authentication?
No
Which third-party service is mentioned as being federated with Microsoft Entra ID?
True or False: Microsoft Entra ID is the same as deploying an Active Directory domain controller on Azure.
False
What is required for cloud services like Microsoft 365 or Intune?
Directory services in the cloud for authentication and authorization
What identity service covers all Microsoft cloud-based services?
Microsoft Entra ID
What does Microsoft Entra ID provide for applications in Azure?
Centralized authentication and authorization
What user experience does Microsoft Entra ID provide when using certain applications?
SSO experience
Which applications can provide SSO experience with Microsoft Entra ID?
- Google services
- Yahoo
- Microsoft cloud services
Where can you enable Microsoft Entra authentication in Azure App Service?
Authentication/Authorization blade in the Azure portal
What can you ensure by designating the Microsoft Entra tenant?
Only users with accounts in that directory can access the website
6
Which services are included in MS Entra free version?
- User and group management
- On-premises directory synchronization
- Basic reports
- Self-service password change for cloud users
- Single sign-on across Azure, Microsoft 365, and many popular SaaS apps
- MFA
9
Which features are available in MS ENTRA P1 version ?
- All features in MS Entra free version
- Self-service group management.
- Advanced security reports and alerts.
- Full Multi-factor authentication.
- Microsoft Identity Manager (MIM) licensing.
- Enterprise SLA of 99.9%.
- Password reset with writeback.
- Cloud App Discovery feature of Microsoft Entra ID.
- Microsoft Entra Connect Health.
What is Self-service group management feature?
- simplifies the administration of groups
- users are given the rights to create and manage the M365 groups.
- End users can create requests to join other M365 groups, and group owners can approve requests and maintain their groups’ memberships.
What are the benefits of the feature Advanced security reports and alerts
You can monitor and protect access to your cloud applications by viewing detailed logs that show advanced anomalies and inconsistent access pattern reports.
Advanced reports are machine learning based and can help you gain new insights to improve access security and respond to potential threats.
What is Microsoft Identity Manager feature?
- provides hybrid identity solutions.
- can bridge multiple on-premises authentication stores such as AD DS, LDAP, Oracle, and other applications with Microsoft Entra ID.
- This provides consistent experiences to on-premises line-of-business (LOB) applications and SaaS solutions.
What is Password reset with writeback feature?
Self-service password reset follows the Active Directory on-premises password policy.
3
Which features are available in MS ENTRA P2 version ?
- All features in free and P1
- Microsoft Entra ID Protection
- Microsoft Entra Privileged Identity Management.
What is Microsoft Entra ID Protection feature?
provides enhanced functionalities for monitoring and protecting user accounts.
You can define user risk policies and sign-in policies.
In addition, you can review users’ behavior and flag users for risk.
What is Microsoft Entra Privileged Identity Management functionality?
lets you configure additional security levels for privileged users such as administrators.
you define permanent and temporary administrators.
You also define a policy workflow that activates whenever someone wants to use administrative privileges to perform some task.
What is one key issue when moving LOB applications to Azure?
Providing authentication services to these apps
What service does Microsoft provide as an alternative to traditional authentication methods?
Microsoft Entra Domain Services
What does Microsoft Entra Domain Services provide?
Domain services such as Group Policy management, domain joining, and Kerberos authentication
What tiers of Microsoft Entra ID include Microsoft Entra Domain Services?
P1 or P2 tier
How does Microsoft Entra ID integrate with local AD DS?
Through Microsoft Entra Connect
What are the 3 benefits of using Microsoft Entra Domain Services?
- Administrators don’t need to manage, update, and monitor domain controllers.
- Administrators don’t need to deploy and manage Active Directory replication.
- There’s no need to have Domain Admins or Enterprise Admins groups for domains that Microsoft Entra ID manages.
What limitations exist in Microsoft Entra Domain Services?
- Only the base computer Active Directory object is supported.
- not possible to extend the schema for the Microsoft Entra Domain Services domain.
- The organizational unit (OU) structure is flat and nested OUs aren’t currently supported.
- There’s a built-in Group Policy Object (GPO), and it exists for computer and user accounts.
- It’s not possible to target OUs with built-in GPOs. Additionally, you can’t use Windows Management Instrumentation filters or security-group filtering.
What is the structure of the organizational unit (OU) in Microsoft Entra Domain Services?
Flat; nested OUs aren’t currently supported
What type of Group Policy Object (GPO) exists in Microsoft Entra Domain Services?
A built-in GPO for computer and user accounts
What protocols can applications that use Microsoft Entra Domain Services migrate to the cloud utilize?
LDAP, NTLM, or Kerberos
What applications can be deployed in Azure IaaS without needing domain controllers in the cloud?
Microsoft SQL Server or Microsoft SharePoint Server
How can you enable Microsoft Entra Domain Services?
Using the Azure portal
How is the cost for Microsoft Entra Domain Services calculated?
Per hour based on the size of your directory
