Microsoft Entra : Essential Q&A for Interviews – 4

Hello All,

Greetings for the day!!!

Continue to share Microsoft Entra questions and answers. These will help to prepare interviews, certifications.

Earlier Microsoft Entra questions and answers articles

• Microsoft Entra FAQ: Essential Q&A for Interviews – https://knowledge-junction.in/2025/01/06/entra-interview-preparation/
• Microsoft Entra FAQ: Essential Q&A for Interviews – 2 – https://knowledge-junction.in/2025/01/26/ms-entra-faq-interviews-2/
• Microsoft Entra FAQ: Essential Q&A for Interviews – 3 – https://knowledge-junction.in/2025/02/16/entra-faqs-essential-for-interviews-3/

If you want details for any concept/feature of Microsoft Entra, please specify in comment box. I’ll try to have an article for the same.

Q 1. What is Control Plane?

• A control plane is a term that used within networks.
• It’s the part of a network that routes network traffic around the network architecture.
• So, a control plane is a tool or service that directs access to resources based on specific criteria.
• When it comes to solutions in today’s world, the user identity is the right place to check for access.
• Identity is a clear choice for the control plane.

Q 2. What are Entitlements?

• Entitlements focus on whether or not an identity has been granted (“entitled”) access to a particular resource.
• Microsoft Entra entitlement management aids organizations. It ensures everyone has access to the correct directories. Additionally, it manages all user access consistently.

Q 3. What are access policies?

• Access policies focus on a set of applications, data, and which users and groups can carry out activities.
• The set of rules around getting your job done.
• Focus on the least access we need.

Q 4. What is the license necessity for adding customer branding?

• Either
  • Microsoft Entra ID premium P1,
  • P2,
  • Office 365 (for Office 365 apps) license.
• We have detailed article on Customer branding. https://knowledge-junction.in/2022/08/29/preparing-exam-sc-300-identity-and-access-administrator-configuring-company-brand/

Q 5. What are Administrative Units?

• Administrative units are Microsoft Entra ID resources that can be containers for other Microsoft Entra resources.
• An administrative unit can contain only users, groups, and devices.

Q 6. What admin roles are available for an administrative unit?

• Authentication administrator
• Groups administrator
• Helpdesk administrator
• License administrator
• Password administrator
• User administrator

Q 7. What is a custom security attributes?

• Custom security attributes are business-specific attributes (key-value pairs).
• These attributes can define and assign to Microsoft Entra objects.
• These attributes can be used to store information, categorize objects, or enforce fine-grained access control over specific Azure resources.
• We have detailed article on Custom Security attributes. Please have a look. Preparing exam SC – 300 / Azure – Create, configure, and manage identities – Create custom security attributes – part 11.1

Q 8. What are the permission levels available for guest users?

• Same as member users
• Limited access (default)
• Restricted access

Q 9. How to update permission level for guest user?

• From Microsoft Entra admin center
• Sign in to the Microsoft Entra admin center as a User administrator.
• Select Identity > External Identities.
• Select External collaboration settings.
• On the External collaboration settings page, select Guest user access is restricted to properties and memberships of their own directory objects option
• Select Save. The changes can take up to 15 minutes to take effect for guest users.
• We have detailed article to update guest user permissions using Graph API. Microsoft 365 – Graph APIs – Managing guest permissions level in our Tenant using Microsoft Graph

Q 10. What are the Capabilities of entitlement management?

• Delegate to non-administrators the ability to create access packages
  • These access packages contain resources that users can request.
  • The delegated access package managers can define policies with rules for which users can request, who must approve their access, and when access expires
• Select connected organizations whose users can request access.
  • When a user who isn’t yet in your directory requests access and is approved, they’re automatically invited into your directory and assigned access
  • When their access expires, if they have no other access package assignments, their B2B account in your directory can be automatically removed

REFERENCES

• Preparing exam SC – 300 / Azure – Create, configure, and manage identities – Create custom security attributes – part 11.1
• https://knowledge-junction.in/2025/04/05/microsoft-365-graph-apis-managing-guest-permissions-level-in-our-tenant-using-microsoft-graph/
• Microsoft Entra FAQ: Essential Q&A for Interviews – https://knowledge-junction.in/2025/01/06/entra-interview-preparation/
• Microsoft Entra FAQ: Essential Q&A for Interviews – 2 – https://knowledge-junction.in/2025/01/26/ms-entra-faq-interviews-2/
• Microsoft Entra FAQ: Essential Q&A for Interviews – 3 – https://knowledge-junction.in/2025/02/16/entra-faqs-essential-for-interviews-3/
• https://knowledge-junction.in/2021/03/19/azure-sc-300-identity-and-access-administrator-preparation-guide/
• Preparing exam SC – 300 – Identity and Access Administrator – Configuring company brand – part 10 – https://knowledge-junction.in/2022/08/29/preparing-exam-sc-300-identity-and-access-administrator-configuring-company-brand/

We have other interview preparation guides:

• SharePoint – https://knowledge-junction.in/essential-sharepoint-interview-preparation-guide/
• Microsoft Teams – https://knowledge-junction.in/msteams-interview-preparation-guide/
• PowerShell – https://knowledge-junction.in/category/powershell-interview-preparation/

Thanks for reading the article !!! Please feel free to discuss in case any issues / suggestions / thoughts / questions !!!

HAVE A GREAT TIME AHEAD !!! LIFE IS BEAUTIFUL 🙂