How is Azure Active Directory different from Azure Active Directory Domain Services?
Azure AD is primarily an identity solution and is designed for HTTP and HTTPS
communications. Azure AD can be queried with a REST API, instead of LDAP. Azure AD uses
federation services, and many third-party services (such as Facebook). Azure AD users and
groups are created in a flat structure. Azure AD does not have Organizational Units (OUs)
or Group Policy Objects (GPOs).
Describe Azure AD Join and the usage cases for it.
Azure AD Join provides single sign-on to your Azure-managed SaaS apps and
services. Joined devices have enterprise state roaming of user settings. AD Join provides
seamless access to on-premises resources. It restricts access to apps to only compliant devices.
Describe the Self-Service Password Reset authentication methods that can be configured for users.
Self-Service Password Reset authentication methods include mobile app
notification, mobile app code, email, mobile phone, office phone, and security questions. A
combination of authentication methods can be used.
List three features of a user account and two ways a user can be assigned to a group.
All users must have a user account. The user account is used for authentication
and authorization. Each user account can have additional properties (user profile), like
phone number. You must be a Global Administrator or User Administrator to manage
users. Users can be assigned to groups either directly or dynamically. Dynamic assignment
lets you create complex attribute-based rules.
Describe the steps for creating an Azure policy. What are the advantages of Azure policy?
Azure Policy is a service in Azure that allows you to create policies which enforce
and control the properties of a resource. The advantages include enforcement and
compliance, applying policies at scale, and remediating non-compliant resources. The
creation steps are: create a policy definition, create a policy initiative, scope the initiative,
and determine compliance. A policy example is when a company wants to implement
geographic compliance requirements to limit locations where services can be deployed.
List three RBAC roles and the associated permissions for each role.
Owner who has full access to all resources and can delegate access to others.
Contributor who can create and manage all types of Azure resources but cannot grant
access to others. Reader who can only view Azure resources. User access administrator
who manages user access to Azure resources. Other roles are possible.
What is the purpose of role-based access control (RBAC) and why would you use it?
RBAC provides fine-grained access management of resources in Azure. RBAC can
be used to segregate duties within a team. RBAC can also grant just the amount of access
users need to perform their jobs. RBAC is an allow model granting access only as assigned.