Author: zeusexam

Skill 1.3: Manage Azure subscriptions and governance An Azure subscription, which forms the core of an Azure environment, is a foundational component of every Azure implementation. Every resource that you create in Azure resides in an Azure subscription, which is a billing boundary for Azure resources with per-resource, role-based access controls. As you build and…

Manage multiple directories Each Entra ID tenant (or directory) is managed as an independent resource. There is no parent- child relation between directories, although users from one directory can be invited to another directory through Entra External Identities features. Because each tenant is an independent resource, directories can be created and deleted as needed. This…

Interpret access assignments To manage access (role) assignments, you can use the Azure portal, the Azure CLI, Azure PowerShell, Azure SDKs, or the Resource Manager REST APIs. The following section describes how to manage role assignments using the Azure portal. In the Azure portal, the Access Control (IAM) blade is used to manage access to…

Create a custom role In addition to built-in roles available in Azure, you might need to create a custom role to provide a set of permissions that are not available in any of the built-in roles. Custom roles can be created and assigned through the Azure portal, Azure PowerShell, Azure CLI, and REST API. This…

The specific permissions that are applied to a resource with RBAC are defined in a role definition. A role definition contains the list of permissions—or declared permissions—and those permissions define what actions can or cannot be performed against a type of resource, such as read, write, or delete. Role definitions, or roles, can be either…

Skill 1.2: Manage access to Azure resources Access control in Microsoft Azure is an important part of an organization’s security and compliance requirements. Implementing role-based access control (RBAC) defines access rights at a very granular level, based on each user’s assigned tasks or the day-to-day activities those users need to perform in their roles. This…

Configure self-service password reset The password reset is one of the highest cost-incurring activities for many organizations, and many organizations have dedicated front-line help desks to handle such requests. Self-service password reset (SSPR) allows users to reset their own passwords in Microsoft Entra ID, including the ability to optionally write the password back to an…

Configure Microsoft Entra Join Microsoft Entra includes the ability to manage device identity, which enables single sign-on to devices and the applications and services managed through Entra that are accessed from that device. Managed devices include both enterprise and bring-your-own-device (BYOD) scenarios. This allows users to work from any device, including personal devices, all while…

Manage licenses in Microsoft Entra ID There are a few different license types available with Entra ID: Note that either P1 or P2 licenses are included with other bundles and suites of licenses, such as the Enterprise Mobility + Security suite. To be able to assign a license to a user account, two things must…

Manage user and group properties As users and groups are used, they might need updates to their attributes (or properties). For example, you might need to change a user’s job title, or you might need to add or remove members from an existing group. Users and groups can be updated using management tools such as…