
Top Azure Active Directory Interview Questions (2022)
Azure Active Directory Interview Questions and Answers

1. What is Azure Active Directory (Azure AD)?
2. What is the benefit of Azure AD?
3. What is Azure Active Directory Service architecture design?
4. What is UserPrincipalName in Azure AD?
5. What is Azure AD join?
6. What is Azure AD registered?
7. What is the difference between Azure AD registered and Azure AD joined?
8. How to configure single sign-on with Azure AD?
9. In Azure AD, can the client id and tenant id be hidden in the body or header?
10. What is Azure Active Directory Domain Services (Azure AD DS)?
11. What is Azure Active Directory Federation Services?
12. Can we use Azure AD instead of Active Directory?
13. What is Azure AD B2C?

Q: What is Azure Active Directory?
Ans:
Microsoft's Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution
for businesses. Azure Active Directory is the backbone of the Office 365 system; it can sync with on-premises
Active Directory and offers OAuth authentication to cloud-based applications.

Q: What is the benefit of Azure AD?
Ans:
Azure Active Directory (AD) is a cost-effective and simple-to-use service that helps businesses streamline
processes and improve productivity and security, while single sign-on (SSO) gives employees and business
partners access to thousands of cloud applications such as Office 365, Salesforce, and Dropbox.

Q: What is Azure Active Directory Service architecture design?
Ans:
Azure Active Directory (Azure AD) allows you to control and manage users' access to Azure services and
resources securely.

The scaling unit of the Azure AD data tier is called a partition.
The data tier is fronted by a number of read-write front-end services. The diagram (not reproduced in this
extract) depicts how the components of a single-directory partition are distributed across multiple datacenters.

A partition consists of a primary replica and several secondary replicas.
1. Primary replica

The primary replica receives all writes for the partition in which it resides. Before success is returned to the
caller, every write operation is promptly replicated to a secondary replica in a different datacenter, providing
geo-redundant durability of writes.
2. Secondary replicas

All directory reads are served by secondary replicas, which are spread across datacenters in different
geographies. Data is replicated asynchronously to a large number of secondary replicas. Directory reads, such as
authentication requests, are served from datacenters that are close to the customer. The secondary replicas
therefore provide the read scalability.
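The replica layout described above, as an added toy model that is not Microsoft's code or documentation. It shows the behaviours the answer states: the primary alone takes writes, success is reported only after a synchronous copy lands in a secondary in another datacenter, the remaining secondaries catch up asynchronously, and reads are served by the secondary nearest the client. As a consequence, a read routed to a secondary that has not yet caught up returns stale data. The datacenter names, latencies and the sample user record are constructed for the example.

```python
from dataclasses import dataclass, field

# Constructed round-trip latencies (client region -> datacenter); not real figures.
LATENCY_MS = {
    ("europe", "eu-west"): 5, ("europe", "us-east"): 90, ("europe", "asia-east"): 220,
    ("asia", "eu-west"): 220, ("asia", "us-east"): 160, ("asia", "asia-east"): 5,
}


@dataclass
class Replica:
    datacenter: str
    data: dict = field(default_factory=dict)
    version: int = 0  # number of writes this replica has applied


@dataclass
class Partition:
    primary: Replica
    secondaries: list
    pending: list = field(default_factory=list)  # secondaries awaiting async catch-up

    def write(self, key, value):
        # 1. The primary is the only replica that accepts writes.
        self.primary.data[key] = value
        self.primary.version += 1
        # 2. Synchronously copy to one secondary in a *different* datacenter, so the
        #    write survives loss of the primary's datacenter.
        sync_target = next(r for r in self.secondaries
                           if r.datacenter != self.primary.datacenter)
        self._apply(sync_target)
        # 3. Every other secondary is updated asynchronously, after success is returned.
        self.pending.extend(r for r in self.secondaries if r is not sync_target)
        return True  # success is reported only once the geo-redundant copy exists

    def flush_async(self):
        # Deliver the queued asynchronous replication to the lagging secondaries.
        for r in self.pending:
            self._apply(r)
        self.pending.clear()

    def _apply(self, replica):
        replica.data = dict(self.primary.data)
        replica.version = self.primary.version

    def lagging_secondaries(self):
        # Datacenters whose secondary has not yet seen every committed write.
        return [r.datacenter for r in self.secondaries
                if r.version < self.primary.version]

    def read(self, key, client_region):
        # Reads never touch the primary: serve from the secondary closest to the client.
        nearest = min(self.secondaries,
                      key=lambda r: LATENCY_MS[(client_region, r.datacenter)])
        return nearest.data.get(key), nearest.datacenter


def build_partition():
    # Constructed layout: primary in us-east, secondaries in three datacenters.
    primary = Replica("us-east")
    secondaries = [Replica("eu-west"), Replica("asia-east"), Replica("us-east")]
    return Partition(primary, secondaries)


def demo():
    """Write one user, then read it from two regions before and after async catch-up."""
    p = build_partition()
    p.write("alice", {"upn": "alice@contoso.example"})   # constructed sample record
    stale = p.read("alice", "asia")        # asia-east has not caught up yet
    fresh = p.read("alice", "europe")      # eu-west holds the synchronous copy
    lag_before = p.lagging_secondaries()
    p.flush_async()
    caught_up = p.read("alice", "asia")
    return stale, fresh, lag_before, caught_up


if __name__ == "__main__":
    for label, result in zip(("stale", "fresh", "lagging", "caught_up"), demo()):
        print(f"{label}: {result}")
```

The `stale` read is the practical consequence of asynchronous replication that an operator sees as a short delay between creating an object and it being visible from every region.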

Q: What is UserPrincipalName in Azure AD?
Ans:
The User Principal Name (UPN) is the sign-in name or username that uniquely identifies a user in Microsoft's
Active Directory. All of Microsoft's online business services (such as Microsoft 365, Office 365, Dynamics 365,
Power Apps, Azure, etc.) are backed by Azure Active Directory (Azure AD).

Q: What is Azure AD join?
Ans:
Azure AD join allows you to join devices directly to Azure AD without joining them to on-premises Active
Directory, while keeping your users productive and secure. Azure AD join is enterprise-ready for both at-scale
and scoped deployments.

Q: What is Azure AD registered?
Ans:
Azure AD registered devices exist to support bring your own device (BYOD) and mobile device scenarios for your
users. In these scenarios, a user can use a personal device to access your organization's resources. These are
devices that have been registered with Azure AD.

Q: What is the difference between Azure AD registered and Azure AD joined?
Ans:
Azure AD registration and Intune management are supported on macOS, iOS, and Android, whereas Azure AD
join requires a Windows-based client or server. On Azure AD joined devices, the user must sign in with their
Azure AD account.

Q: How to configure single sign-on with Azure AD?
Ans:
Only an admin user can go to the Azure Portal, add a new application registration, and set up SAML 2.0
authentication with Azure AD.

1. On the App registrations page in Azure Active Directory, click New registration.
2. Go to the Authentication tab on the left -> Platform configurations -> Add a platform -> choose Web.
3. Go back to Overview -> Add an Application ID URI -> Set, to generate a random Application ID URI for the
application.
4. Go to Token configuration -> click Add optional claim -> select SAML -> select the email option for the
token type.

Q: In Azure AD, can the client id and tenant id be hidden in the body or header?
Ans:
The client identifier is not a secret; it is visible to the resource owner and must not be used on its own for
client authentication.

According to the OAuth 2.0 RFC, neither your tenant id nor your client id is a secret:
https://datatracker.ietf.org/doc/html/rfc6749#section-2.2

Both the tenant id and the client id are visible in the URL. Even if you could pass them in headers or in the
body, they would still be visible to the user via the browser's developer tools.
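The point above, as an added example that is not part of the original page: it builds the standard Azure AD v2.0 authorization request, reads the tenant id and client id straight back out of the resulting URL (which is exactly what a user sees in the address bar), and audits an application config for the real mistake, which is shipping secret material (a client secret) to a browser or mobile client, or relying on nothing but the client id to authenticate a server-side client. The two GUIDs, the redirect URI and the config dictionaries are constructed sample values; the key names in `SECRET_KEYS` and `PUBLIC_KEYS` are this example's own convention, not an Azure AD setting.

```python
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORITY = "https://login.microsoftonline.com"

# Constructed sample identifiers; not real tenant or application ids.
SAMPLE_TENANT_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

# Example convention: values that may be shipped to a browser or mobile app
# versus values that belong only to a confidential (server-side) client.
PUBLIC_KEYS = {"tenant_id", "client_id", "redirect_uri", "authority", "scope"}
SECRET_KEYS = {"client_secret", "client_assertion", "private_key", "refresh_token"}


def build_authorize_url(tenant_id, client_id, redirect_uri,
                        scope="openid profile", state="constructed-state"):
    """Azure AD v2.0 authorization request. Every parameter here is public."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": scope,
        "state": state,
    })
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}"


def identifiers_visible_in(url):
    """What any user can read back from the address bar: the tenant id is the
    first path segment and the client id is in the query string."""
    parsed = urlparse(url)
    tenant_id = parsed.path.split("/")[1]
    client_id = parse_qs(parsed.query)["client_id"][0]
    return tenant_id, client_id


def audit_client_config(config, shipped_to_browser):
    """Return findings for a misplaced credential: secret material inside a
    browser-delivered config, or a server-side client with no credential
    beyond the (public) client id."""
    findings = []
    secrets = sorted(k for k in config if k in SECRET_KEYS)
    if shipped_to_browser and secrets:
        findings.append("secret material in public client config: " + ", ".join(secrets))
    if not shipped_to_browser and not secrets:
        findings.append("confidential client has no credential beyond client_id")
    return findings


if __name__ == "__main__":
    url = build_authorize_url(SAMPLE_TENANT_ID, SAMPLE_CLIENT_ID, "https://app.example/callback")
    print(url)
    print("visible to the user:", identifiers_visible_in(url))
    # Constructed configs: a browser SPA that wrongly embeds a secret, and a
    # correctly shaped server-side client.
    print(audit_client_config({"tenant_id": SAMPLE_TENANT_ID, "client_id": SAMPLE_CLIENT_ID,
                               "client_secret": "constructed-secret"}, shipped_to_browser=True))
    print(audit_client_config({"tenant_id": SAMPLE_TENANT_ID, "client_id": SAMPLE_CLIENT_ID,
                               "client_secret": "constructed-secret"}, shipped_to_browser=False))
```

Hiding the identifiers buys nothing, so the review question to ask is the opposite one: which component holds the client secret, and is that component ever delivered to the end user's device.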

Q: What is Azure Active Directory Domain Services (Azure AD DS)?
Ans:
Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join,
group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. Users can
consume these domain services without having to deploy, operate, or patch domain controllers (DCs) in the
cloud.

Q: What is Azure Active Directory Federation Services?
Ans:
Active Directory Federation Services (AD FS) lets users authenticate with their on-premises credentials and
use single sign-on (SSO) to access all cloud resources.

Q: Can we use Azure AD instead of Active Directory?
Ans:
No, Azure Active Directory is not a replacement for Active Directory. You cannot synchronize computer
accounts, group policies, OUs, or other such objects; however, you can synchronize existing on-premises
directories (Active Directory or others) with Azure Active Directory.

Q: What is Azure AD B2C?
Ans:
Azure AD B2C (Azure Active Directory Business-to-Consumer) manages customer identity and access in the
cloud. It improves consumer relationships while also helping to protect their identities.
