1. Define Azure Active Directory?
Ans: Azure Active Directory is Cloud-based access and identity management service that enables users to access external resources like the Azure portal, Microsoft 365, and several other SaaS applications.
Azure Active Directory's other services include the help provided in enhancing productivity and business streamlining processing. In contrast, the SSO GIVES access to internal resources such as cloud apps developed in your organization or apps on your corporate intranet network.
2. What are the advantages of Azure AD?
Ans: The significant benefits of using Azure AD are
Multiple platform availability: It facilitates operation on various devices and platforms for time consumption and productivity.
Global availability: Operates 28 data centers worldwide and is accessible throughout the globe irrespective of your location.
Single sign-on for multiple applications: Azure AD makes onboarding new employees faster and easier and helps implement access to new cloud services and terminate those for the leavers.
Pre integration with favorite cloud services: Helps collaborate with salesforce, office 365, and social media.
Comprehensive reporting: Protection from additional threats through enhancing security and enabling business monitor applications.
3. Can MFA be enabled or disabled in bulk?
Ans: The MFA portal helps us enable or disable MFA in bulk for the user- level.
4. Define SSPR?
Ans: Self-service password reset of the Active Directory provides the users' allowance to reset or change their password without the assistance of an administrator.
5. Name the steps that help implement MFA?
Ans: Implementing MFA in Azure can be listed in three ways, they are
· User-level MFA
· The policy of conditional access
· Security default.
6. Explain Oauth?
Ans: The primary role of the OAuth protocol is verifying the user's identity but not at the cost of disclosing their passwords. OAuth authorization is covered but does not include authentication.
The tokens obtained by users, generally called bearer tokens, can be used to verify identities. The use of bearer tokens implies verifying a user's identity by third-party services rendering them with secure and privileged resources.
7. Briefly explain the relation of Azure AD with subscriptions?
Ans: Azure AD is a cloud-based identity access management service that, in turn, assists the management of Azure resources. There are one too many subscriptions available, and the admin can trust a single Azure Active Directory. However, a single Azure Active Directory is capable of accessing multiple subscriptions.
8. Who utilizes an Azure Active directory?
Ans: Azure AD is mainly intended for the use of
App developers: Working with the clients' pre-existing credentials and adding SSO to the applications are the two areas where app developers use Azure AD. Here they act as a guideline-based method.
Online subscribers of Azure, Microsoft 365, Dynamics CRM, and Office 365: the online subscribers use Azure AD as it is readily provided with Microsoft 365 for accessing their integrated cloud applications.
As per their business requirements, IT Admins use Azure AD to regulate access to various app resources and apps.
9. What is the User principal name in Azure AD?
Ans: Microsoft's Active Directory is the username or sign-in name that uniquely identifies a user in the User Principal Name (UPN) in Azure AD. The Azure Active Directory supports all the online business services of Microsoft, such as Dynamics 365, Azure, Microsoft 365, Power apps, Office 365, etc.
10. Explain Azure site-to-site VPN?
Ans: Connecting the on-services premises network over the IKE/ IPsec VPN tunnel is one of the significant functions falling under Azure site-to-site VPN. Its primary requirement is a VPN device with which one must assign an extreme-facing public IP.
11. Mention the tools used in the creation of Vents?
Ans: Tools employed in creating Vents are Powershell, Azure CLI, and Azure Portal.
12. How to get the Azure account tenant Id?
Ans: Getting your Azure account tenant id involves the following steps -
· Navigate to dashboard
· Navigate to Active Directory
· Navigate to Properties
· Finally, copy the "Directory ID."
13. What Azure AD B2C features in Azure AD are unavailable?
Ans: The features currently unavailable are :
· The API connectors
· Conditional access.
14. What are the differences between Owner and Global Administrator?
Ans: A person signing up for an Azure subscription is assigned the owner role for Azure resources. This owner can use a school or work account or a Microsoft account to manage services in the Azure portal. It is associated with the Azure subscription.
A person signing up with the QAzure subscription is assigned the global administrator role for the directory. Access to various directory features and related features is given to these administrators. The administrator's job includes managing domain or user licenses, assigning administrative roles to other users, etc.
15. How can the on-premises directory be connected to Azure AD?
Ans: Azure AD connect looks up to connecting your on-premises directory to Azure AD.
Checking up on "Integrating your on-premises identities with Azure Active Directory" provides you with more information.
16. Do people in my organization have access to a self-service portal?
Ans: Yes, the users are given the Azure AD Access Panel by the Azure AD for application access and self-service.
Similarly, in the Office 365 portal, a Microsoft 365 user can avail of the same cap[abilities].
17. What can be done if the required application is missing from the Azure AD marketplace?
Ans: You can add any required application per the user's requirement by subscribing to Azure AD premium. Users can add automated provisioning and SSO configuration based on preferences and the capabilities of the applications.
18. Can the on-premises applications be added?
Ans: The required on-premises web applications chosen are given secure and easy access by the Azure AD application proxy. This process does not involve changing network infrastructure or a VPN requirement. Instead, the user can access it the same way you access the SaaS apps in Azure AD.
19. Is it possible to set up a secure LDAP connection with Azure AD?
Ans: Lightweight Directory Access Protocol(LDAP) is inaccessible through Azure AD. However, adequately configured network groups help enable Azure AD domain services, establishing LDAP connectivity through Azure networking.
20. What is automated user provisioning for SaaS apps?
Ans: Azure VAD automates creating, removing, and maintaining identities in various SaaS apps.
21. What are the license requirements for using Azure AD connect?
Ans: Azure AD Connect does not involve any fee, i.e., it is free and can be availed with an Azure subscription.
22. Name the types of cloud computing in Azure AD?
Ans: The various cloud computing types in Azure AD include :
· IDEAS
· PAAS
· SAAS
23. Define dynamic groups in Azure AD?
Ans: The dynamic groups are those running on the user's attribute. The significant criteria involve satisfying the conditions. Otherwise, the user is removed from the group. Thus, the dynamic groups are active in adding and removing users.
24. What is conditional access in Azure Active Directory?
Ans: Conditional access refers to policies under which actions are completed and helps access resources.
25. What is risk detection?
Ans: Risk detection is categorized under Azure Identity Protection. All the activities against the user account can be detected using Risk detection.
26. Name some critical applications of Azure?
Ans: The critical applications of Azure are as listed below
· Web applications
· Storage
· Cloud services
· Mobile apps
· Media services
· Infrastructure services
27. What are the functions of Azure AD Domain Services?
Ans: Functions of Azure AD services include
· Makes use of domains, forests, and organizational units for object organization.
· Provides authorization and standard authentication
· Customizable schemes
· Provides authentication of NTLM, Kerberos, LDAP, etc.
· Secures object stores
· Provides group policies
28. Explain architecture design under Azure Active Directory service?
Ans: Azure Active Directory makes managing and controlling the resources and services secure for the users.
Primary replica and secondary replica are the two components that fall under Azure AD architecture -
Primary replica: The preceding model receives all the writes for the residing partitions. Before returning success to the caller, all the correct operations are instantaneously duplicated to secondary replicas. Thus, the durability of rights reserved is geo-redundant.
Secondary replica: Secondary replicas located throughout the geographies in data centers service all the directory reads. Asynchronous replication of data is a significant cause of the multiple secondary representations. Data centers near the customers handle the directory reads that include authentication requests.
29. Differentiate between Windows AD and Azure AD?
Ans: Windows active directory is a service that facilitates interconnected and varying network conditions in a unified manner.
Azure AD is a directory for cloud-based applications. It is mainly used for identity management and resource access management by admins.
30. What is Azure AD B2C?
Ans: Azure Active Directory Business to Consumer or Azure AD B2C manages the access and customer identity. Not only the protection of their identities is assisted by Azure AD, but also it enhances consumer relationships.
31. State the enabling and configuration of a single sign-on for an enterprise solution on Azure AD tenant?
Ans: Before configuring SSO, you need the following:
Prerequisites:
Create an Azure Active Directory account using one of the following roles:
1. Owner of Service Principal
2. Application Administrator
3. Cloud Application Administrator
4. Global Administrator
To enable SSO
1. Visit Azure Active Directory Admin Center and sign in with one of the abovementioned roles.
2. Select Enterprise solutions on the left side. Now, you will see a pane with All Applications and the list of applications for your Azure AD tenant. You can choose the one you need; for instance - Azure AD SAML Toolkit
3. Select SSO on the left side of the menu, where you see the Manage section. Open the single sign on the page to edit.
4. To open the configuration page, choose SAML.
5. Next, go to the Setup Azure AD SAML Toolkit 1 panel.
6. Record the inputs of Logout, Login URL, and Azure Active Directory identifier for your future reference.
Configuration of SSO on tenant:
1. Go to the Set Up Single Sign-on panel in the Azure portal and choose the Edit menu.
2. Enter the following for Reply URL https://samltoolkit.azurewebsites.net/SAML/Consume
3. Enter https://samltoolkit.azurewebsites.net/ for Sign on URL
4. Click Save
5. Choose Download for Certificate in SAML Signing Certificate to download the certificate.
6. Use it later whenever you need it.
32. What are Azure Directory domain services?
Ans: The Azure Active Directory domain services include authentication of various managed domain services like the lightweight directory access protocol (LDAP), Kerberos/NTLM, domain join, and group policy. All these domain services are usable for the users without having to operate, patch or deploy the cloud-based domain controllers (DCS).
33. Can a child domain be created under managed domain services?
Ans: The creation of child domains is not allowed under managed domain services. Azure AD Domain services only allow single forest design and single domain provision.
34. What is the method for applying windows updates under Azure AD Domain Services?
Ans: Controllers automatically apply the necessary window updates in a managed domain, even without your configuration or administration.
However, the user must ensure that he does not block access to outbound traffic to Windows updates by creating network security groups.
35. What is the possible way of displaying block devices associated with a virtual machine?
Ans: You can get a list of the blocked devices at a specified domain through the below:
domblklist domain --inactive --details
If you specify the --inactive, you will see the devices that you can use at the next start. However, you can’t see the ones currently used by the running domain.
If you specify the --details, you will have the disk type and device value in the table. Now, you can use the information to get in this table with the domblkinfo and snapshot-create.
36. Can the tenant id and client id be hideable in the body or headers in Azure AD?
Ans: You must not use a client identifier for client authentication as it is visible to the resource owner and not a secret.
The client id and the tenant id are both visible in the URL. Passing them to the body or headers does not mean they are hidden. Their visibility is still accessible via the developer tools.
According to the OAuth RFC, tenant and client id are not secrets.
37. What are the different Azure AD licenses?
Ans: Azure AD licenses include
· “Pay as you go” feature licenses
· Azure Active Directory Free
· Azure Active Directory Premium P1
· Azure Active Directory Premium P2
38. Why made you choose Microsoft Azure over AWS and other platforms?
Ans: The main advantages that give Azure AD an upper hand are:
· Net programming compatibility
· Sync across multiple OS
· SDL foundation
39. How does Azure AD compare to AWS from your viewpoint?
Ans: Your knowledge of developer tools should be compatible with Microsoft's interface for Windows/SQL servers. In addition, it would be best if you were well versed with the deployment options of Azure and AWS as a cloud architect.
40. Where did you learn Azure AD?
Ans: The interviewer asks you if you have a job certification or a college degree in the subject.
41. What are the advantages of auto-scaling in Azure?
Ans: Scaling is based on demand and cost-effective; schedule scaling to a specific period.
42. What is identity in Azure Active Directory?
Ans: Identity in Azure AD is the representation of something or a thing that by some means can be authenticated. For example, identity in the Azure AD Directory usually represents a user with a password associated and a unique username used for authentication. Their authentications can be accessed by the use of secret keys or certificates.
43. Explain passwordless authentication?
Ans: Passwordless authentication is not a process under which remembering the password is not a criterion because authentication is done by using FIDO keys, the MS authenticator app, or Windows Hello for business.
44. What is Azure Active Directory?
Ans:
Microsoft's Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution for businesses. The backbone of the Office 365 system is Azure Active Directory, which can sync with on-premise Active Directory and offer OAuth authentication to cloud-based applications.
45. What is the benefit of Azure AD?
Ans:
Azure Active Directory (AD) is a cost-effective and simple-to-use service that helps businesses streamline processing, improve productivity, and security, while single sign-on (SSO) gives employees and business partners access to thousands of cloud applications like Office 365, Salesforce, and DropBox.
46. What is Azure Active Directory Service architecture design?
Ans:
Azure Active Directory (Azure AD) allows you to control and manage users access to Azure services and resources securly.
Scaling units are called Partitions for the Azure AD data tier.
The data tier includes a number of read-write front-end services. The diagram below depicts how the components of a single-directory partition are distributed across multiple datacenters.
The components of Azure AD architecture have primary replica and secondary replicas.
Primary replica
The primary replica receives all writes for the partition it resides. Before delivering success to the caller, any write operation is promptly duplicated to a secondary replica in a different datacenter, providing geo-redundant durability of writes.
Secondary replicas
All directory reads are handled by secondary replicas, which are spread across datacenters in different parts of the geographies. Because data is replicated asynchronously, there are multiple secondary replicas. Directory reads, like authentication requests, are handled from datacenters that are near to customers. The read scalability is handled by the secondary replicas.
47. What is Userprincipalname in Azure AD?
Ans:
The User Principal Name (UPN) is the unique sign-in name or username that uniquely identifies a user in Microsoft's Active Directory. All of Microsoft's online business services are supported by Azure Active Directory (Azure AD) (like Microsoft 365, Office 365, Dynamics 365, Power Apps, Azure, etc.)
48. What is Azure AD join?
Ans:
While keeping your users productive and secure, Azure AD join allows you to join devices directly to Azure AD without the need to join to on-premises Active Directory. For both at-scale and scoped deployments, Azure AD join is enterprise-ready.
49. What is Azure AD registered?
Ans:
The purpose of Azure AD registered devices is to facilitate bring your own device (BYOD) or mobile device applications for your users. A user can utilise a personal device to access your organization's resources in these conditions. Devices that have been added to Azure AD.
50. What is the difference between Azure AD registered and Azure AD joined?
Ans:
Azure AD registration and Intune management are compatible with macOS, iOS, and Android, whereas Azure AD join requires a Windows-based client or server. Azure AD joined devices, the user must only sign in with their Azure AD account only.
51. How to configure single sign-on with Azure AD?
Ans:
Admin user only can goto Azure Portal and add a new Application Registration, and can set up SAML 2.0 Authentication with Azure AD.
1. Click New registration while on the App registrations page in Azure Active Directory.
2. Go to Authentication tab on left side -> Platform configurations -> Add a platform -> Choose Web
3. Go back to Overview -> Add an Application ID URI -> Set to generate a random ID URI for application.
4. Go to Token configuration -> Click Add optional claim -> Select SAML -> Select email option for the Token type.
52. In Azure AD, can the client id and tenant id be hidden in the body or header?
Ans:
The client identifier is not a secret, it is visible to the resource owner and should not be used for client authentication on its own.
According to the OAuth RFC, neither your tenant id nor the client id are secrets. https://datatracker.ietf.org/doc/html/rfc6749#section-2.2
In the URL, the tenant id and client id will be visible. Even if you could pass them in the headers or body, they would still be visible to the user via developer tools.
53. What is Azure Active Directory Domain Services (Azure AD DS)?
Ans:
All managed domain services like domain join, group policy, lightweight directory access protocol (LDAP), and Kerberos/NTLM authentication are provided by Azure Active Directory Domain Services (Azure AD DS). Users can use these domain services without having to deploy, operate, or patch cloud-based domain controllers (DCs).
54. What is Azure Active Directory Federation Services?
Ans:
Users can utilize Active Directory Federation Services (ADFS) to authenticate with on-premises credentials using SSO capability to access all cloud resources.
55. Can we use Azure AD instead of Active Directory?
Ans:
No, Azure Active Directory isn't a replacement for Active Directory. We can not synchronize computer accounts, group policies, OUs, or other objects, however, we could synchronize existing on-premises directories (Active Directory or others) with Azure Active Directory.
56. What is Azure AD B2C?
Ans:
Customer identity and access management are managed in the cloud with Azure AD B2C (Azure Active Directory Business-to-Consumer). It improves consumer relationships while also assisting in the protection of their identities.
No comments:
Post a Comment