Microsoft Entra : Essential Q&A for Interviews – 4
Hello All,
Greetings for the day!!!
Continue to share Microsoft Entra questions and answers. These will help to prepare interviews, certifications.
Earlier Microsoft Entra questions and answers articles
- Microsoft Entra FAQ: Essential Q&A for Interviews – https://knowledge-junction.in/2025/01/06/entra-interview-preparation/
- Microsoft Entra FAQ: Essential Q&A for Interviews – 2 – https://knowledge-junction.in/2025/01/26/ms-entra-faq-interviews-2/
- Microsoft Entra FAQ: Essential Q&A for Interviews – 3 – https://knowledge-junction.in/2025/02/16/entra-faqs-essential-for-interviews-3/
If you want details for any concept/feature of Microsoft Entra, please specify in comment box. I’ll try to have an article for the same.
Q 1. What is Control Plane?
- A control plane is a term that used within networks.
- It’s the part of a network that routes network traffic around the network architecture.
- So, a control plane is a tool or service that directs access to resources based on specific criteria.
- When it comes to solutions in today’s world, the user identity is the right place to check for access.
- Identity is a clear choice for the control plane.
Q 2. What are Entitlements?
- Entitlements focus on whether or not an identity has been granted (“entitled”) access to a particular resource.
- Microsoft Entra entitlement management aids organizations. It ensures everyone has access to the correct directories. Additionally, it manages all user access consistently.
Q 3. What are access policies?
- Access policies focus on a set of applications, data, and which users and groups can carry out activities.
- The set of rules around getting your job done.
- Focus on the least access we need.
Q 4. What is the license necessity for adding customer branding?
- Either
- Microsoft Entra ID premium P1,
- P2,
- Office 365 (for Office 365 apps) license.
- We have detailed article on Customer branding. https://knowledge-junction.in/2022/08/29/preparing-exam-sc-300-identity-and-access-administrator-configuring-company-brand/
Q 5. What are Administrative Units?
- Administrative units are Microsoft Entra ID resources that can be containers for other Microsoft Entra resources.
- An administrative unit can contain only users, groups, and devices.
Q 6. What admin roles are available for an administrative unit?
- Authentication administrator
- Groups administrator
- Helpdesk administrator
- License administrator
- Password administrator
- User administrator
Q 7. What is a custom security attributes?
- Custom security attributes are business-specific attributes (key-value pairs).
- These attributes can define and assign to Microsoft Entra objects.
- These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources.
- We have detailed article on Custom Security attributes. Please have a look. Preparing exam SC – 300 / Azure – Create, configure, and manage identities – Create custom security attributes – part 11.1
Q 8. What are the permission levels available for guest users?
- Same as member users
- Limited access (default)
- Restricted access
Q 9. How to update permission level for guest user?
- From Microsoft Entra admin center
- Sign in to the Microsoft Entra admin center as a User administrator.
- Select Identity > External Identities.
- Select External collaboration settings.
- On the External collaboration settings page, select Guest user access is restricted to properties and memberships of their own directory objects option
- Select Save. The changes can take up to 15 minutes to take effect for guest users.
- We have detailed article to update guest user permissions using Graph API. Microsoft 365 – Graph APIs – Managing guest permissions level in our Tenant using Microsoft Graph
Q 10. What are the Capabilities of entitlement management?
- Delegate to non-administrators the ability to create access packages
- These access packages contain resources that users can request.
- The delegated access package managers can define policies with rules for which users can request, who must approve their access, and when access expires
- Select connected organizations whose users can request access.
- When a user who isn’t yet in your directory requests access and is approved, they’re automatically invited into your directory and assigned access
- When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed
REFERENCES
- Preparing exam SC – 300 / Azure – Create, configure, and manage identities – Create custom security attributes – part 11.1
- https://knowledge-junction.in/2025/04/05/microsoft-365-graph-apis-managing-guest-permissions-level-in-our-tenant-using-microsoft-graph/
- Microsoft Entra FAQ: Essential Q&A for Interviews – https://knowledge-junction.in/2025/01/06/entra-interview-preparation/
- Microsoft Entra FAQ: Essential Q&A for Interviews – 2 – https://knowledge-junction.in/2025/01/26/ms-entra-faq-interviews-2/
- Microsoft Entra FAQ: Essential Q&A for Interviews – 3 – https://knowledge-junction.in/2025/02/16/entra-faqs-essential-for-interviews-3/
- https://knowledge-junction.in/2021/03/19/azure-sc-300-identity-and-access-administrator-preparation-guide/
- Preparing exam SC – 300 – Identity and Access Administrator – Configuring company brand – part 10 – https://knowledge-junction.in/2022/08/29/preparing-exam-sc-300-identity-and-access-administrator-configuring-company-brand/
We have other interview preparation guides:
- SharePoint – https://knowledge-junction.in/essential-sharepoint-interview-preparation-guide/
- Microsoft Teams – https://knowledge-junction.in/msteams-interview-preparation-guide/
- PowerShell – https://knowledge-junction.in/category/powershell-interview-preparation/
Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!
HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂
