SC-900 - May 5, 2023 Study Guide - Part 2 of 4 - Describe the capabilities of Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra (25-30% of Exam)

Terms in this set (101)
_____ __ is the tool for identity and access management in the Microsoft Cloud.

It simplifies the way organizations manage authorization and access by providing a single identity system for their cloud and on-premises applications.

It also allows organizations to securely enable the use of personal devices, such as mobiles and tablets, and enable collaboration with business partners and customers.

It is available in four editions:
* Azure AD Free
* Office 365 Apps
* Premium P1
* Premium P2
Describe Azure AD (editions 2/4):

The ______ ___ ____ edition allows you to do everything in the free version, plus self-service password reset for cloud users, and device write-back, which offers two-way synchronization between on-premises directories and Azure AD.

This edition of Azure AD is included with subscriptions to:

* Office 365 E1, E3, E5, F1, and F3
Describe Azure AD (editions 3/4):

Azure AD _______ __ includes all the features in the free and Office 365 apps editions.

It also supports advanced administration, such as:
* dynamic groups
* self-service group management
* Microsoft Identity Manager (an on-premises IAM suite), and
* cloud write-back capabilities, which allow for SSPR for your on-premises users.
Describe Azure AD (editions 4/4):

Azure AD _______ __ offers all the Premium P1 features, and Azure AD Identity Protection to help provide risk-based Conditional Access to your apps and critical company data.

It also gives you Privileged Identity Management (PIM) to help discover, restrict, and monitor administrators and their access to resources, and to provide JIT access when needed.
Describe Azure AD Identities (3/4):

A _______ _________ is a security identity used by applications or services to access specific Azure resources.

You can think of it as an identity for an application.

For an application to delegate its identity and access functions to Azure AD, the application must first be registered with Azure AD to enable its integration.
Describe Azure AD Identities (4/4):

_______ ________ are a type of service principal that are automatically managed in Azure AD and eliminate the need for developers to manage credentials.

They provide an identity for applications to use when connecting to Azure resources that support Azure AD authentication and can be used without an extra cost.

There are two types:

* System-assigned
* User-assigned
Describe Azure AD Identities (Managed Identities 1/2):

When you enable a ______-________ managed identity, an identity is created in Azure AD that is tied to the lifecycle of that service instance.

When the resource is deleted, Azure automatically deletes the identity for you.

By design, only that Azure resource can use this identity to request tokens from Azure AD.
Describe Azure AD Identities:

An _____ __ ______ identity is a piece of hardware, such as mobile devices, laptops, servers, or printers.

It is represented as an object in Azure AD.

These identities can be set up in the following ways:

* Azure AD registered devices
* Azure AD joined devices
* Hybrid Azure AD joined devices
Describe Azure AD Identities (Device Identities 1/3):

An _____ __ __________ d_____ is used to provide users with support for bring your own device (BYOD) or mobile device scenarios.

With this type of device, a user can access an organization's resources using a personal device.

These types of devices can register to Azure AD without requiring an organizational account to sign in to the device.