Users and Groups Flashcards
Resources that you can add to a Security Group:
-Users, groups, managed identities, and Apps
Resources that you can add to a Microsoft 365 group:
Users
Deleted users and deleted Office 365 groups are available for restore for:
30 days!
-You cannot restore deleted Security groups
You have an existing dynamic group in Azure AD. You want the group to contain users and their devices. What shoudl you configure?
-Delete and recreate the group
-You cannot have a dynamic group that contains both users and their devices
-you cannot add dynamic groups to assigned groups
-When you want to create a “Dynamic Group”, the group can either have a Dynamic User or Dynamic Device membership.
-The iddeal approach is to have 2 separate groups, one for users and one for their devices, and then add the devices group to the users group.
-Dynamic groups are a paid Azure AD feature
You need to ensure that Admin1 can invite an external partner to sign into your Azure AD tenant.
From the Users blade, modify the External collaboration settings
Administrative Units
-You can strict access to any portion of Azure AD
-Require an Azure AD Premium P2 license for each administrative Unit admin. For each administrative unit member, the free license is enough.
-Administrative Units can only contain users and groups
Managed Identity
-A managed identity is a Azure Ad security principal that represents a resources. These are used to authenticate to any other Azure resource.
-There are System-assigned managed identity
and User-assigned managed identity.
System-assigned managed identity
Created and managed by Azure and gets assigned to your respective resource automatically. Used by a single-resource. If the resource is deleted, so is the system-assigned identity.
User-assigned managed identity
you have to manually create a user-assigned managed identity as an Azure resource and then assigned it to your app service, virtual machine, or other Azure resource. Indepenent lifecycle and can be used for multiple resources.
