AZ-104 Microsoft Azure Administrator

Manage device settings and device identity

Practice Test

True or False: In Azure, you cannot use Conditional Access policies to ensure devices meet your standards for security and compliance.

  • Answer: False.

Explanation: Azure Conditional Access lets you establish access conditions for your applications including device compliance.

Which two device settings can you manage using Azure Active Directory?

  • a. Software updates
  • b. User accounts
  • c. Device location
  • d. Security policies

Answer: b. User accounts, d. Security policies

Explanation: Azure Active Directory enables administrators to manage user accounts and security policies. Software updates and device location are not managed by Azure Active Directory.

Which feature of Microsoft Azure allows you to manage device identities?

  • a. Azure Active Directory
  • b. Azure Network Security Group
  • c. Azure Virtual Network
  • d. Azure Traffic Manager

Answer: a. Azure Active Directory

Explanation: Azure Active Directory manages device identities. The rest of the options focus on different aspects of Azure functionality.

True or False: Device settings in Azure can only be applied at the device level and not at a group level.

  • Answer: False.

Explanation: In Azure, device settings can be applied both at the device level and at the group level.

Which Azure service allows you to enforce multi-factor authentication?

  • a. Azure Traffic manager
  • b. Azure DDoS Protection
  • c. Azure Active Directory
  • d. Azure Virtual Network

Answer: c. Azure Active Directory

Explanation: Azure Active Directory allows administrative users to enforce policies like multi-factor authentication.

What is the primary purpose of Azure Device Configuration profiles?

  • a. To control software updates
  • b. To manage permissions and access
  • c. To track device location
  • d. To enable virtualization

Answer: b. To manage permissions and access

Explanation: The Azure Device Configuration profiles primarily control permissions and access.

True or False: Azure AD device settings should be configured according to a specific device rather than a user’s requirements.

  • Answer: True.

Explanation: Azure AD device settings should typically be configured based on specific device requirements and secure standards, not only based on a user’s requirements.

Which Azure service allows you to verify device compliance?

  • a. Azure Virtual Machines
  • b. Azure Active Directory
  • c. Azure Information Protection
  • d. Azure Security Center

Answer: b. Azure Active Directory

Explanation: Azure Active Directory can evaluate and ensure device compliance.

True or False: You can use Azure Active Directory to assign role-based access control.

  • Answer: True.

Explanation: Azure Active Directory supports role-based access control (RBAC) to control the permissions of user accounts or groups.

In Azure, where can you view all device identities?

  • a. Azure Monitor
  • b. Azure Active Directory
  • c. Azure Security Center
  • d. Azure Advisor

Answer: b. Azure Active Directory

Explanation: All device identities in Azure can be viewed in Azure Active Directory.

True or False: Managing Device Identity requires Azure Premium P1 or P

  • Answer: True.

Explanation: Azure AD Device Identity Management is a premium feature that requires at least Azure Premium P1 or P

Which of the following can you NOT do with Azure Device Management?

  • a. Enroll devices
  • b. Create device compliance policies
  • c. View and act on threat and vulnerability information
  • d. Modify firewall settings

Answer: d. Modify firewall settings

Explanation: While you can enroll devices, create device compliance policies, and view and act on threat and vulnerability information with Azure Device Management, modifying firewall settings is not part of its domain.

True or False: Using Azure, you can enforce both device-based and app-based conditional access policies.

  • Answer: True.

Explanation: With Azure, you can enforce conditional access policies at both the device level and at the application level to ensure in-depth security.

Which of the following is NOT a component of Azure’s device settings management?

  • a. Identity Protection
  • b. App Management
  • c. Threat Protection
  • d. Firewall Configuration

Answer: d. Firewall Configuration

Explanation: Azure’s device settings management does not include firewall configuration. It includes identity protection, app management, and threat protection.

True or False: In Azure, you can only manage devices that are part of your own organization’s network.

  • Answer: False.

Explanation: Azure supports multi-tenancy, which means you can manage devices that are part of other organization’s networks if you have been granted access.

Interview Questions

What is Azure AD (Active Directory) Device Identity?

Azure AD Device identity is a representation of a device owned by an organization, registered to the cloud. The device identity is used to manage devices and authenticate if these devices are both trusted and managed.

Where can you view and manage all the devices registered with Azure AD?

You can view and manage all the devices registered with Azure AD in the “Devices” section of the Azure AD in the Azure portal.

What are the default device settings for Azure AD?

The default device settings for Azure AD are:

“Users may join devices to Azure AD” is set to All

“Users may register their devices as Azure AD Joined” is set to None

“Additional local administrators on Azure AD Joined devices” is set to None.

What is the purpose of device settings in Azure AD?

The device settings in Azure AD determine who can join devices to Azure AD, whether devices can be Azure AD joined, and also designates additional local administrators on Azure AD joined devices.

What are managed and unmanaged devices in Azure?

Managed devices are those enrolled in Intune or joined to on-premises AD domain or Azure AD. Unmanaged devices are those not managed by an organization, typically personal devices like home computers, smartphones etc.

What authentication methods are available for Azure AD devices?

The authentication methods for Azure AD devices include password hash synchronization, pass-through authentication, Federated authentication, and Smart card/ Windows Hello for Business.

What is the process to deregister a device from Azure AD?

To deregister a device from Azure AD, you must first sign in as a global administrator or device administrator. You can then access the ‘Devices’ page in the Azure portal, choose the device to be removed, and select ‘Delete’.

How can you enable Automatic MDM enrollment for devices?

Automatic MDM enrollment can be enabled in the ‘Mobility (MDM and MAM)’ section in Azure Active Directory in the Azure portal.

What is the user impact after a device is deleted from Azure AD?

Once a device is deleted from Azure AD, users cannot access company resources from that device using Azure AD until the device is re-registered or joined to Azure AD again.

What is the purpose of ‘Conditional Access’ in Azure AD?

Conditional Access in Azure AD is a tool used to provide security to your data. It allows administrators to implement automated access control decisions for accessing your cloud apps based on conditions.

What is the benefit of enabling the ‘Require MFA for admins’ in Azure AD?

The ‘Require MFA for admins’ setting gives an extra layer of security by requiring administrators to verify their identity using a second form of authentication.

Can you change the name of a device in Azure AD?

Yes, Azure AD allows you to change the device name.

In Azure, how can you limit the number of devices any one user can enroll?

In Azure, you can set a device enrollment limit by going to Intune > Device enrollment > Enrollment restrictions, and then editing the settings under ‘Device limit restrictions’.

How does Azure AD handle device identities?

Azure AD assigns a unique ID to each device when it is registered. This unique ID is then used for authentication, access control and configuration management purposes.

What is Azure Device Writeback?

Azure Device Writeback is a feature that allows devices registered in Azure AD to be written back to on-premises AD. It can be used in scenarios where on-premises resources need to know about the device identities.

Related Post

AZ-104 Microsoft Azure Administrator

Configure and use Azure Monitor for networks

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure and review backup reports

extutorials.com
AZ-104 Microsoft Azure Administrator

Configure VM network settings

extutorials.com

Leave a Reply

Your email address will not be published. Required fields are marked *

You Missed

AZ-900 Microsoft Azure Fundamentals

Describe Azure Resource Manager and Azure Resource Manager templates (ARM templates)

AZ-900 Microsoft Azure Fundamentals

Describe virtual networking, including the purpose of Azure Virtual Networks, Azure virtual subnets, peering, Azure DNS, Azure VPN Gateway, and Azure ExpressRoute

AZ-900 Microsoft Azure Fundamentals

Describe the purpose of Azure Arc

AZ-900 Microsoft Azure Fundamentals

Identify appropriate use cases for each cloud service (IaaS, PaaS, SaaS)