Azure AD – Basic questions and answers (help to prepare interviews and respective certifications)

Hi All,

Greetings for the day 🙂 LIFE IS BEAUTIFUL 🙂 

On every weekend we are starting sharing basic question and answers (may help to prepare interview and certifications) related to Microsoft cloud technologies (Azure, Azure AD, SharePoint, Microsoft 365, Teams, Power Platform and so on). In this article I’ll share some questions related to Azure AD. We will keep updating the respective articles

So lets begin the show 🙂

What is Azure AD

• Azure Active Directory (Azure AD) is Microsoft’s enterprise cloud-based identity and access management (IAM) solution
• Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps our organization users to sign in and access resources in:
  • External resources, such as Microsoft 365, the Azure portal, and other SaaS applications
  • Internal resources, such as apps on our corporate network and intranet, along with any cloud apps developed by our organization
• Azure AD includes users, groups and apps

Who are the users of Azure AD

• IT Admins – It admins can use Azure AD to control access to our Apps or App resources or to perform various settings for our organizations users. For Ex : Setting of MFA (Multi Factor Authentication) for the various types of users in Azure AD.
• App developers – As app developer we can implement SSO for our app, set the permissions for our app to access particular APIs like MS Graph APIs and so on
• Microsoft 365, Azure or Dynamic 365 subscribers –
  • Every Microsoft 365, Office 365, Azure and Dynamic CRM tenant have an Azure AD tenant
  • From there we can manage our users, groups and apps directly
  • For example – following is my M365 tenant admin center and have there “Azure Active Directory” option as

What are the Azure AD subscriptions / License requirements

• Microsoft has divided Azure AD licensing in following categories. Each type of license provides different types of features as per the respective pricing details. Always the higher level license holds few new features with all features from its lower one
• Azure Active Directory Free
  • Provides user and group management
  • on-premises directory synchronization
  • basic reports
  • self-service password change for cloud users
  • single sign-on across Azure, Microsoft 365, and SaaS apps
• Paid – In paid categories we have two options
  • Azure Active Directory Premium P1 –  
    • All free features
    • hybrid users access both on-premises and cloud resources
    • advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager (an on-premises identity and access management suite) and cloud write-back capabilities, which allow self-service password reset for your on-premises users.
  • Azure Active Directory Premium P2 – 
    • All free features
    • All P1 features
    • offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to our apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.
• Pay as you Go –
  • All free features
  • All P1 features
  • All P2 features
  • Additional feature licenses, such as Azure Active Directory Business-to-Customer (B2C). ( B2C can help you provide identity and access management solutions for your customer-facing apps )

What is Identity

• Identity is anything that can be authenticated
• User with user name and password
• applications having client id or secret key
• application having client id or certificates

What is Azure AD account

• An identity created from Azure AD – example : users created in Azure AD
• OR identity created through Microsoft cloud service like Microsoft 365. for ex: my organizations users in Microsoft 365 tenant. These users are stored in Azure AD. These kind of accounts we also called a Work or School account

What is Azure Tenant

• Azure tenant is instance of Azure AD which is created when our organization signs up for Microsoft cloud subscription such as Microsoft Azure, Microsoft 365 or Microsoft Intune
• Azure tenant represents single organization

What is Azure AD B2B collaboration?

• Azure Active Directory (Azure AD) business-to-business (B2B) collaboration is a feature which allows us to invite guest users to our organization.
• With B2B collaboration, you can securely share our applications and services with guest users from any other organization, while maintaining control and security of our organization data

How can I connect my on-premises directory to Azure AD?

• We can sync with on-premise Active Directory by using Azure AD Connect and provide authentication to other cloud-based systems via OAuth
• More details on Azure AD Connect – What is Azure AD Connect

What are the license requirements for using Azure AD Connect

• Azure AD Connect feature is free and available with our Azure subscription

How do I set up SSO between my on-premises directory and my cloud applications?

• To implement SSO, we need to setup SSO between our on-premises directory and Azure AD
• We can implement SSO from on-premises through federation solution – Active Directory Federation Service (AD FS) or by configuring password hash sync.
• The above both the options can be deployed using Azure AD Connect configuration wizard
• More details :
  • What is single-sign on – What is Azure Active Directory Seamless Single Sign-On?
  • What is password hash synchronization – What is password hash synchronization with Azure AD?
  • What is federation? – What is federation with Azure AD?

Today I’ll stop here with 10 initial questions 🙂 most probably I’ll come up with next question sets on next weekend:)

If you have any preference on type of questions for Azure AD or you have some questions with your experience kindly please share in comment box. We will incorporate in our list.

We have very good series on Azure AD – please have a look for more details – https://knowledge-junction.com/?s=Azure+AD

Thanks for reading 🙂 If its worth at least reading once, kindly please like and share 🙂 SHARE ING IS CARING 🙂 

Share In Teams:

Enjoy the beautiful life 🙂 Have a FUN 🙂 HAVE A SAFE LIFE 🙂 TAKE CARE 🙂