40 Questions
What is the primary goal of the integration strategy in the given scenario?
To ensure password policies and user logon limitations are enforced
What is the purpose of password hash synchronization in the given scenario?
To provide the Users with leaked credentials report
What is the benefit of using pass-through authentication in the given scenario?
It allows for seamless SSO
What is the purpose of Azure AD Connect in the given scenario?
To integrate Active Directory and Azure AD tenant
What is the main sign-in method used in the given scenario?
Pass-through authentication
What is the benefit of using Azure AD Identity Protection?
It provides the Users with leaked credentials report
What is the purpose of failover in the given scenario?
To switch to Password Hash Sync in case of failure
What is the name of the Azure AD tenant in the given scenario?
weylandindustries.com
What should you do after creating a directory?
Add tenant users
Where do you create a new user in the Azure portal?
Under Manage, select Users
What setting is configured in the Azure AD Identity Protection sign-in risk policy?
Sign-in risk level: Medium and above
What is the access setting for the Azure AD Identity Protection sign-in risk policy?
Allow access, Require multi-factor authentication
What happens when Group1 users sign in to Azure AD?
They are allowed access with multi-factor authentication
What happens when Group2 users sign in to Azure AD?
They are not affected by the policy
What is the purpose of the Azure AD Identity Protection sign-in risk policy?
To detect and mitigate sign-in risks
Which of the following roles allows a user to grant admin consent for published apps in Azure Active Directory?
Cloud application administrator
What is the purpose of enabling Security defaults in Azure Active Directory?
To enable multi-factor authentication
Where can you change the setting to prevent users from registering applications in Azure Active Directory?
User settings
Which Azure AD role can onboard Azure AD Identity Protection?
Global Administrator
Which Azure AD role can remediate users and configure policies in Azure AD Identity Protection?
Global Administrator and Security Administrator
What is required to grant admin consent for published apps in Azure Active Directory?
Cloud application administrator role
What is the assignment type of Group1 in Azure AD Privileged Identity Management (PIM)?
Active assignment type, permanently assigned
What happens when you set 'Users can register applications' to 'No' in Azure Active Directory?
Users cannot register applications
What is the effect of an Active assignment type in Azure AD PIM?
A role assignment that doesn't require a user to perform any action to use the role
Which of the following is a built-in role in Azure Active Directory?
Cloud application administrator
What is the primary reason for configuring Consent and permissions settings in Azure Active Directory?
To grant admin consent for published apps
Can a Security Administrator reset a user's password in Azure AD Identity Protection?
No
What can a Security Reader do in Azure AD Identity Protection?
View all Identity Protection reports and Overview blade
What is the error message shown in the exhibit related to when a developer tries to register an app in Azure Active Directory?
Not specified
Who is assigned the Security Administrator role in Azure AD PIM?
Group1 and Group2
What is the assignment type of Group2 in Azure AD Privileged Identity Management (PIM)?
Eligible assignment type, permanently eligible
What is the purpose of the NAT device in each office?
To allow multiple devices to share a single public IP address
What is the name of the Azure AD tenant used by the company?
contoso.com
What is the purpose of Microsoft Authenticator?
To generate time-based codes for two-factor authentication
What is the requirement for MFA in this scenario?
Either a text or phone call is required for MFA
Why is the New York IP address subnet not included in the 'skip multi-factor authentication for requests' setting?
The information is not provided in the scenario
What is the benefit of using Azure Blueprints in this scenario?
It defines a repeatable set of Azure resources that implements and adheres to an organization's standards
What is the purpose of creating separate subscriptions for each department?
To separate the financial and administrative responsibilities for each department
What is the role of Azure AD in this scenario?
It provides a single identity platform for all users and departments
Study Notes
Creating an Azure Active Directory Tenant User
- To create an Azure Active Directory (Azure AD) tenant user, go to the Azure portal, navigate to the Azure Active Directory flyout, and select Users under Manage.
- Click All users, then select + New user and provide a Name and User name (e.g., user1) for the regular tenant user.
- You can also view the temporary password when creating the user.
Azure Active Directory Identity Protection
- An Azure AD Identity Protection sign-in risk policy can be created with settings for Assignments, Conditions, and Access.
- The policy settings include:
  - Assignments: Include Group1, exclude Group2
  - Conditions: Sign-in risk level: Medium and above
  - Access: Allow access, Require multi-factor authentication
- Based on the policy settings, identify what occurs when users sign in to Azure AD.
Azure Active Directory Roles and Permissions
- Global Administrator and Security Administrator have full access to Identity Protection, but only the Global Administrator can onboard Identity Protection.
- Security Administrator has full access to remediate users and configure policies, but cannot reset user passwords.
- Security Reader can view all Identity Protection reports and the Overview blade, but cannot configure policies.
- Only the Global Administrator can onboard Azure AD Identity Protection, while the Global Administrator and Security Administrator can remediate users and configure policies.
Azure AD Connect and Seamless SSO
- To integrate Active Directory and Azure AD, the recommended solution is pass-through authentication and seamless SSO with password hash synchronization.
- This solution meets the goal of ensuring password policies and user logon limitations affect user accounts synced to the Azure AD tenant, while reducing the number of necessary servers.
Azure Blueprints
- Azure Blueprints enable cloud architects and central IT groups to define a repeatable set of Azure resources that implement and adhere to an organization's standards, patterns, and requirements.
- Azure Blueprints can be used to configure each subscription to have the same role assignments when creating separate subscriptions for each department.
User Roles and Permissions
- To grant admin consent for published apps, assign the Cloud application administrator or Application administrator role to User1.
- Changing 'Users can register applications' to 'No' under User settings in Azure AD prevents users from registering their own applications.
Learn how to create a new Azure Active Directory tenant user, including setting up a new user and assigning a temporary password.