Top Azure Active Directory Interview Questions (2024) | TechGeekNext

  1. What is Azure Active Directory (Azure AD)?
  2. What is the benefit of Azure AD?
  3. What is Azure Active Directory Service architecture design?
  4. What is Userprincipalname in Azure AD?
  5. What is Azure AD join?
  6. What is Azure AD registered?
  7. What is the difference between Azure AD registered and Azure AD joined?
  8. How to configure single sign-on with Azure AD?
  9. In Azure AD, can the client id and tenant id be hidden in the body or header?
  10. What is Azure Active Directory Domain Services (Azure AD DS)?
  11. What is Azure Active Directory Federation Services?
  12. Can we use Azure AD instead of Active Directory?
  13. What is Azure AD B2C?

Q: What is Azure Active Directory?
Ans:

Microsoft's Azure Active Directory (Azure AD) is a cloud-based identity and access management (IAM) solution for businesses. The backbone of the Office 365 system is Azure Active Directory, which can sync with on-premise Active Directory and offer OAuth authentication to cloud-based applications.

Q: What is the benefit of Azure AD?
Ans:

Azure Active Directory (AD) is a cost-effective and simple-to-use service that helps businesses streamline processing, improve productivity, and security, while single sign-on (SSO) gives employees and business partners access to thousands of cloud applications like Office 365, Salesforce, and DropBox.

Q: What is Azure Active Directory Service architecture design?
Ans:

Azure Active Directory (Azure AD) lets you control and manage users' access to Azure services and resources securely.

The scaling unit of the Azure AD data tier is called a partition.

[Figure: Azure Active Directory Service architecture design]

The data tier is fronted by a number of read-write front-end services. The diagram above depicts how the components of a single directory partition are distributed across multiple datacenters.

Each partition in the Azure AD architecture has one primary replica and several secondary replicas.
  1. Primary replica
    The primary replica receives all writes for the partition in which it resides. Before success is returned to the caller, every write is immediately replicated to a secondary replica in a different datacenter, giving writes geo-redundant durability.
  2. Secondary replicas
    All directory reads are served by secondary replicas, which are spread across datacenters in different geographies. Data is replicated to them asynchronously, and there are multiple secondary replicas, so directory reads such as authentication requests are served from datacenters close to the customer. The secondary replicas provide read scalability.


Q: What is Userprincipalname in Azure AD?
Ans:

The User Principal Name (UPN) is the sign-in name or username that uniquely identifies a user in Microsoft's Active Directory. Azure Active Directory (Azure AD) backs all of Microsoft's online business services (Microsoft 365, Office 365, Dynamics 365, Power Apps, Azure, and so on).

Q: What is Azure AD join?
Ans:

Azure AD join lets you join devices directly to Azure AD, without joining them to on-premises Active Directory, while keeping your users productive and secure. Azure AD join is enterprise-ready for both at-scale and scoped deployments.

Q: What is Azure AD registered?
Ans:

The purpose of Azure AD registered devices is to support bring your own device (BYOD) and mobile device scenarios for your users. In these scenarios a user can use a personal device to access your organization's resources. Such devices are added to Azure AD as registered devices rather than joined ones.

Q: What is the difference between Azure AD registered and Azure AD joined?
Ans:

Azure AD registration and Intune management are available for macOS, iOS, and Android, whereas Azure AD join requires a Windows-based client or server. On Azure AD joined devices, users sign in only with their Azure AD account.

Q: How to configure single sign-on with Azure AD?
Ans:

Only an admin user can go to the Azure Portal, add a new application registration, and set up SAML 2.0 authentication with Azure AD.

  1. On the App registrations page in Azure Active Directory, click New registration.
  2. Go to the Authentication tab on the left side -> Platform configurations -> Add a platform -> choose Web.
  3. Go back to Overview -> Add an Application ID URI -> Set (this generates a random Application ID URI for the application).
  4. Go to Token configuration -> click Add optional claim -> select SAML -> select the email option for the token type.

Q: In Azure AD, can the client id and tenant id be hidden in the body or header?
Ans:

The client identifier is not a secret; it is visible to the resource owner and must not be used on its own to authenticate the client.

According to the OAuth 2.0 specification (RFC 6749, section 2.2), neither your tenant id nor your client id is a secret: https://datatracker.ietf.org/doc/html/rfc6749#section-2.2

The tenant id and client id appear in the URL. Even if you passed them in headers or the request body, they would still be visible to the user through browser developer tools.
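The following added example (not code from the original page) shows where these values end up in an authorization code flow against Azure AD: the tenant id and client id are part of the authorize URL that the user's browser loads, so they are public by design. What keeps the flow safe for a public client is not hiding them but using a PKCE code verifier that never leaves the client and a state value that is checked on the callback. The tenant and client ids below are constructed placeholders, not real identifiers.

```python
# Added example (not from the original page): builds an Azure AD authorization
# request the way a public (browser/mobile) client would, to show which values
# are public and which must stay private.
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders: real tenant and client ids are GUIDs issued by Azure AD.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}"


def make_pkce_pair(verifier=""):
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method.

    The verifier stays on the client; only its SHA-256 challenge goes in the URL.
    """
    if not verifier:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_authorize_url(redirect_uri, scopes, state, code_challenge):
    """Authorize request for the Azure AD v2.0 endpoint.

    Every parameter here, including client_id and the tenant in the path,
    is shown in the user's address bar.
    """
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/oauth2/v2.0/authorize?{urlencode(params)}"


def public_values_in(url):
    """Everything in the query string is visible to the user (address bar, devtools)."""
    query = parse_qs(urlparse(url).query)
    return {key: values[0] for key, values in query.items()}


def check_callback(callback_url, expected_state):
    """Defender-side check on the redirect: reject it unless state matches.

    A mismatched state means the code was not issued for a request this
    client started (cross-site request forgery / code injection guard).
    """
    query = parse_qs(urlparse(callback_url).query)
    if query.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: authorization response not for this session")
    return query["code"][0]


def token_request_body(code, redirect_uri, code_verifier):
    """Form body for the POST to /oauth2/v2.0/token from a public client.

    The code_verifier proves the caller is the one that started the flow.
    No client_secret is involved: a secret embedded in a browser or mobile
    app would be just as visible as the client_id, so PKCE replaces it.
    """
    return {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    verifier, challenge = make_pkce_pair()
    state = secrets.token_urlsafe(16)
    url = build_authorize_url("https://app.example/callback", ["openid", "profile"], state, challenge)
    print("visible to the user:", public_values_in(url))
    print("kept on the client only: code_verifier =", verifier)
```

The `make_pkce_pair` function reproduces the S256 transformation from RFC 7636, so the known test vector from that RFC's Appendix B can be used to confirm it. For a confidential (server-side) client a `client_secret` or certificate would be sent from the backend instead of the verifier; what never changes is that `client_id` and the tenant remain public in the authorize URL.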

Q: What is Azure Active Directory Domain Services (Azure AD DS)?
Ans:

Azure Active Directory Domain Services (Azure AD DS) provides managed domain services such as domain join, group policy, Lightweight Directory Access Protocol (LDAP), and Kerberos/NTLM authentication. You can use these domain services without deploying, managing, or patching domain controllers (DCs) in the cloud.

Q: What is Azure Active Directory Federation Services?
Ans:

Active Directory Federation Services (ADFS) lets users authenticate with their on-premises credentials and, through single sign-on (SSO), access cloud resources.

Q: Can we use Azure AD instead of Active Directory?
Ans:

No, Azure Active Directory is not a replacement for Active Directory. You can synchronize existing on-premises directories (Active Directory or others) with Azure Active Directory, but computer accounts, group policies, OUs, and similar objects are not synchronized.

Q: What is Azure AD B2C?
Ans:

Azure AD B2C (Azure Active Directory Business-to-Consumer) provides customer identity and access management in the cloud. It helps you build better relationships with your customers while protecting their identities.