Azure Active Directory (Azure AD/AAD) - correct answer A multi-tenant, cloud-based directory, and
identity management service.
Provides identity management and access control capabilities for your cloud applications.
Helps employees sign in & access resources in:
1. External Resources - Office 365, Azure Portal, SaaS applications
2. Internal resources - apps on corporate network & intranet, along with cloud apps developed by your
org
Who Uses Azure AD? (3) - correct answer 1. IT Admins - control access to apps & app resources based
on biz requirements. Can use it for MFA, too. Can connect cloud & on-prem resources for Single-Sign-On
(SSO)
2. App developers - standards-based approach for adding single sign-on to apps allowing it to work with
a user's existing credentials.
3. M365, Office365, Azure, and Dynamics CRM online users. Each of these tenants is automatically an
Azure AD tenant. Can immediately manage access to integrated cloud apps.
Azure Tenant - correct answer A dedicated and trusted instance of Azure AD that's automatically
created when an organization signs up for a Microsoft cloud service subscription, such as Microsoft
Azure, Microsoft Intune, or Office 365.
An Azure tenant represents a single organization.
Single Tenant - correct answer Azure tenants that access other services in a dedicated environment
are considered "single tenant" (not shared)
Multi-Tenant - correct answer Azure Tenants that access other services in a shared environment,
across multiple organizations, are considered multi-tenant
Azure AD directory - correct answer Each Azure tenant has a dedicated & trusted Azure AD directory.
The Azure AD directory includes the tenant's users, groups, and apps and is used to perform Identity &
Access management functions for tenant resources.
Azure AD account - correct answer An identity created through Azure AD or another Microsoft cloud
service, such as Office 365.
Identities are stored in Azure AD and are accessible to an org's cloud service subscriptions.
Account is also sometimes called a "Work" or "School" account.
Custom Domain - correct answer Every new Azure AD directory comes with an initial domain name
"domainname.onmicrosoft.com". In addition to that initial name, you can also add your org's domain
names.
ie "Phitchins@bkd.com"
Account Administrator - correct answer CLASSIC Azure subscription admin role that is conceptually
the BILLING OWNER of a subscription.
This role has access to the Azure Account Center and enables you to manage all subscriptions in an
account.
Service Administrator - correct answer CLASSIC Azure subscription admin role that enables you to
manage all Azure resources, including access.
Role has the equivalent access of a user who is assigned Owner role at the subscription scope.
Owner - correct answer This RBAC role helps to manage all Azure resources, including access.
This is a new role built on the new Azure authorization system called "Role-Based Access Control"
(RBAC)
Azure AD Global admin - correct answer This admin role is automatically assigned to whoever
created the Azure AD tenant.
Global admins can perform all of the admin functions for Azure AD and any services that federate to
Azure AD such as Exchange Online, SharePoint Online, and Skype for Business Online.
Can have multiple Global Admins, but only Global admins can assign admin roles (including other Global
admins) to users.
NOTE: Called COMPANY ADMINISTRATOR in Azure PowerShell
Microsoft Account (MSA) - correct answer Personal accounts that provide access to consumer-oriented
Microsoft products & cloud services.
A free account with Microsoft that gives the subscriber access to Microsoft services, such as Hotmail,
Messenger, SkyDrive, Windows Phone, Xbox LIVE, and Outlook.com.
Application Management (AAD) - correct answer Manage cloud & on-prem apps using Application
Proxy, single sign-on, the My Apps portal (aka Access panel), and SaaS apps.
Authentication (AAD) - correct answer Manage Azure Active Directory self-service password reset,
Multi-Factor Authentication, custom banned password list, and smart lockout.
Business-to-business (B2B)(AAD) - correct answer Manage guest users & external partners, while
maintaining control over corporate data.
Business-to-consumer (B2C)(AAD) - correct answer Customize & control how users sign-up, sign-in,
and manage their profiles when using your apps.
Conditional Access (AAD) - correct answer Manage access to your cloud apps.
Azure Active Directory for developers - correct answer Build apps that sign in all Microsoft identities,
get tokens to call Microsoft Graph, other Microsoft APIs, or custom APIs
Device Management (AAD) - correct answer Manage how your cloud or on-prem devices access your
corporate data.
Domain Services (AAD) - correct answer Join Azure VMs to a domain without using domain
controllers.
Enterprise Users (AAD) - correct answer Manage license assignment, access to apps, and set up
delegates using groups and administrator roles
Hybrid Identity (AAD) - correct answer Use Azure Active Directory Connect & Connect Health to
provide a single user identity for authentication and authorization to all resources, regardless of location
(cloud or on-premises)
Identity Governance (AAD) - correct answer Manage your organization's identity through employee,
business partner, vendor, service, and app access controls. Can also perform access reviews.
Identity Protection (AAD) - correct answer Detect potential vulnerabilities affecting your
organization's identities, configure policies to respond to suspicious actions, and then take appropriate
action to resolve them.