Manage Azure Active Directory Identity and Governance: Practice

Azure AD Identity and Governance Illustrations Slideshow

- Management groups
- Azure RBAC
- Directories, subscriptions, and users
- Ways to increase resilience
- Password hash synchronization
- Pass-through Authentication
- Federation
- Application Proxy
- Resilient end-user experience
- Resilient interfaces with external processes

1

If you delete a user account by mistake, can it be restored?
- A user account can be restored when it's deleted within the last 30 days. Go to the deleted user list to see the list of all of the deleted users.

2

What kind of account would you create to allow an external organization easy access?
- A guest user account restricts users to just the access they need.

3

What are user accounts in Azure Active Directory?
- In Azure Active Directory (Azure AD), all user accounts are granted a set of default permissions. A user's account access consists of the type of user, their role assignments, and their ownership of individual objects.

- There are different types of user accounts in Azure AD. Each type has a level of access specific to the scope of work expected to be done under each type of user account. Administrators have the highest level of access, followed by the member user accounts in the Azure AD organization. Guest users have the most restricted level of access.

4

Permissions and roles
- Azure AD uses permissions to help you control the access rights a user or group is granted. This is done through roles. Azure AD has many roles with different permissions attached to them. When a user is assigned a specific role, they inherit permissions from that role. For example, a user assigned to the User Administrator role can create and delete user accounts.

- Understanding when to assign the correct type of role to the right user is a fundamental and crucial step in maintaining privacy and security compliance. If the wrong role is assigned to the wrong user, the permissions that come with that role can allow the user to cause serious damage to an organization.

5

Administrator roles
- Administrator roles in Azure AD allow users elevated access to control who is allowed to do what. You assign these roles to a limited group of users to manage identity tasks in an Azure AD organization. You can assign administrator roles that allow a user to create or edit users, assign administrative roles to others, reset user passwords, manage user licenses, and more.

- If your user account has the User Administrator or Global Administrator role, you can create a new user in Azure AD by using either the Azure portal, the Azure CLI, or PowerShell. In PowerShell, run the cmdlet New-AzureADUser. In the Azure CLI, use az ad user create.

6

Member users
- A member user account is a native member of the Azure AD organization that has a set of default permissions like being able to manage their profile information. When someone new joins your organization, they typically have this type of account created for them.

- Anyone who isn't a guest user or isn't assigned an administrator role falls into this type. A member user is meant for users who are considered internal to an organization and are members of the Azure AD organization. However, these users shouldn't be able to manage other users by, for example, creating and deleting users. Member users don't have the same restrictions that are typically placed on guest users.

7

Guest users
- Guest users have restricted Azure AD organization permissions. When you invite someone to collaborate with your organization, you add them to your Azure AD organization as a guest user. Then you can either send an invitation email that contains a redemption link or send a direct link to an app you want to share. Guest users sign in with their own work, school, or social identities. By default, Azure AD member users can invite guest users. This default can be disabled by someone who has the User Administrator role.

- Your organization might need to work with an external partner. To collaborate with your organization, these partners often need to have a certain level of access to specific resources. For this sort of situation, it's a good idea to use guest user accounts. You'll then make sure partners have the right level of access to do their work, without having a higher level of access than they need.

8

Azure subscription
- An Azure subscription is a billing entity and security boundary.

- Azure subscriptions manage resources and limits, and provide the charges billed to the account owner.

- An Azure AD directory can be associated with multiple subscriptions, but a subscription is always tied to a single directory.

- True or false: an organization can have more than one Azure AD directory. True. While a single directory is created for the organization initially, more can be created to divide the security across boundaries.

9

When is a user considered registered for SSPR?
- When they've registered at least the number of methods that you've required to reset a password.

- A user is considered registered for SSPR when they've registered at least the number of methods that you've required to reset a password. You can set this number in the Azure portal.

10

Which Azure Service preserves data residency and offers comprehensive compliance and resiliency options?
- Regions preserve data residency and offer comprehensive compliance and resiliency options for customers.

11

The company financial comptroller wants to be notified whenever the company is half-way to spending the money allocated for cloud services. Which is the best approach to meeting this requirement?
- Create a budget and a spending threshold. Billing Alerts will help monitor and manage billing activity for your Azure accounts. Budget thresholds can be evaluated and will be reset automatically at the end of a period.

Azure Administrator AZ104 Certification Exam Preparation