Revision

Should include the six pillars: identities, devices, applications, data, infrastructure, and networks. Refer to the content to see explicit examples for each. This topic will be revisited in subsequent learning paths/modules as you further explore identity, security, and compliance

The responses should show that, as the customer moves from on-premises to IaaS to PaaS to SaaS, more of the responsibility shifts to the cloud provider. Importantly, the answer should also reflect that, regardless of which hosting is used, the customer always owns information and data, devices, and accounts and identities.

Should include the layers from the training content: physical security, identity and access, perimeter, network, compute, application, and data. Refer to the training content for some examples of the types of security measures that can be applied to each.

Should include the terms confidentiality, integrity, and availability. Refer to the training content for a description of what is referred to by each of these three components

Should include a statement that defines an identity and the drivers that have led to this concept. This should include the acceleration in number of people working from home; SaaS applications that are hosted outside of the corporate network; the use of personal devices to access corporate resources; the use of unmanaged devices by partners and customers who may need to access your corporate resources; proliferation of IoT devices―and more.

Should include the following identity types: user, service principal, managed identity, and device. When describing the user identity type, the response should include the different external identities supported by Microsoft Entra (B2B and B2C). The response should reference the point that a service principal is like an identity for an application. For a managed identity, there should be reference to system-assigned and user-assigned and some of the differences. For a device identity type, there should be reference to the multiple options for getting devices into Microsoft Entra.

Should include a statement about security defaults in Microsoft Entra, and some of its features, including enforcing multifactor authentication registration for all users. Additionally, the answer should state that security defaults are available as part of the free tier of Microsoft Entra.

Should describe Conditional Access in Microsoft Entra and include a statement about how signals are used to make decisions, and the analogy to if/then statements that might be included. The answer should also reference the different types of signals and the decisions that can be made based on those signals. Lastly, the answer should reference the fact that Conditional Access is implemented through policies that are created in Microsoft Entra. Bonus points could be awarded if they tie the benefits back to Zero Trust methodology

Should include a statement that references entitlement management and its benefits, including the ability to manage access for internal and external users, and create access packages, and access reviews. Refer to the training content for details.

Should include a statement that references Microsoft Entra Identity Protection and describe the tasks: the ability to automate and remediate identity-based risks, investigate risks, and export risk detection data to third-party utilities for analysis. Also describe the types of risks―sign-in and user risk―that can be detected and the type of reports the solution provides. Refer to the training content for more details.