AZ-102 AAD


enable a one-time bypass

The one-time bypass feature allows a user to authenticate a single time without performing two-step verification. The bypass is temporary and expires after a specified number of seconds. In situations where the mobile app or phone is not receiving a notification or phone call, you can allow a one-time bypass so the user can access the desired resource.

conditional access policy

Users or groups
Applications they're attempting to access
Controls to be fulfilled, such as Multi-Factor Authentication

Microsoft's cloud-based identity and access management service

What is Azure Active Directory

RBAC is an allow model.

What this means is that when you are assigned a role, RBAC allows you to perform certain actions, such as read, write, or delete. So, if one role assignment grants you read permissions to a resource group and a different role assignment grants you write permissions to the same resource group, you will have write permissions on that resource group.

How does Azure Multi-Factor Authentication Server handle user data?

With Multi-Factor Authentication Server, user data is stored only on the on-premises servers. No persistent user data is stored in the cloud. When the user performs two-step verification, Multi-Factor Authentication Server sends data to the Azure Multi-Factor Authentication cloud service for authentication. Communication between Multi-Factor Authentication Server and the Multi-Factor Authentication cloud service uses Secure Sockets Layer (SSL) or Transport Layer Security (TLS) over port 443 outbound.

AAD Conditional Access

With conditional access, you can implement automated access control decisions for accessing your cloud apps that are based on conditions.

How does RBAC work

You control access to resources using RBAC by creating role assignments, which control how permissions are enforced. To create a role assignment, you need three elements: a security principal, a role definition, and a scope. You can think of these elements as "who", "what", and "where".

A role definition in Azure is a collection of permissions?

True

What is an MFA Provider?

There are two types of Auth providers, and the distinction is around how your Azure subscription is charged. The per-authentication option counts the number of authentications performed against your tenant in a month. This option is best if you have a number of users who authenticate only occasionally. The per-user option counts the number of individuals in your tenant who perform two-step verification in a month. This option is best if you have some users with licenses but need to extend MFA to more users beyond your licensing limits.

Role-based access control (RBAC)

is an authorization system in Azure that helps you manage who has access to Azure resources, what they can do with those resources, and where they have access.

Sign-in risk:

is an indicator of the likelihood (high, medium, or low) that a sign-in wasn't made by the legitimate owner of a user account. Azure AD calculates the sign-in risk level during a user's sign-in. You can use the calculated sign-in risk level as a condition in a conditional access policy.

NotActions permissions

is not a deny rule - it is simply a convenient way to create a set of allowed permissions when specific permissions need to be excluded.

Scope (where)

is where the access applies. This is helpful if you want to make someone a Website Contributor, but only for one resource group.

role assignment

the process of binding a role to a security principal at a particular scope, for the purpose of granting access. To grant access, you create a role assignment. To revoke access, you remove a role assignment.

Role definition (what you can do)

A role definition is a collection of permissions. It's sometimes just called a role. A role definition lists the permissions that can be performed, such as read, write, and delete. Roles can be high-level, like Owner, or specific, like Virtual Machine Contributor.

Security principal

A security principal is just a fancy name for a user, group, or application that you want to grant access to.

How is Azure Active Directory helping employees

Azure AD helps your employees sign in and access resources in

Suppose you want to assign a role to allow a user to create and manage Azure resources but not be able to grant access to others. Which of the following built-in roles would support this?

Contributor

Azure Active Directory Identity Protection

Get a consolidated view of flagged users and risk events detected using machine learning algorithms
Set risk-based Conditional Access policies to automatically protect your users
Improve security posture by acting on vulnerabilities

IAM

Identity and Access Management. On this blade, you can see who has access to that area and their role. Using this same blade, you can grant or remove access.

What is the inheritance order for scope in Azure?

Management group, Subscription, Resource group, Resource

Is my organization charged for sending the phone calls and text messages that are used for authentication?

No, you are not charged for individual phone calls placed or text messages sent to users through Azure Multi-Factor Authentication. If you use a per-authentication MFA provider, you are billed for each authentication but not for the method used. Your users might be charged for the phone calls or text messages they receive, according to their personal phone service.

How to get Multi-Factor Authentication?

One of the following:
Azure Active Directory Premium licenses P1/P2
Azure MFA Service (Cloud)
Azure MFA Server
Multi-Factor Authentication for Office 365
Azure Active Directory Global Administrators

built-in roles

Owner - Has full access to all resources, including the right to delegate access to others.
Contributor - Can create and manage all types of Azure resources, but can't grant access to others.
Reader - Can view existing Azure resources.
User Access Administrator - Lets you manage user access to Azure resources.

Multi-factor authentication (MFA)

Security based on a layered approach: a password and two or more additional authentication methods. Additional authentication methods:
Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, like a phone)
Something you are (biometrics)

SSPR

Self-Service Password Reset
