Security, Identity, and Governance Revision
Drill the Entra ID, Defender for Cloud, Key Vault, Azure Policy, and compliance topics using flashcard-style recall questions and scenario-based practice.
Identity: Entra ID Core Concepts
Exam-critical Entra ID facts: Entra ID (formerly Azure AD) is Microsoft's cloud identity service — not the same as on-premises Active Directory Domain Services (AD DS). An Entra ID tenant represents an organisation's cloud identity instance. A tenant can have multiple subscriptions but each subscription trusts exactly one tenant. Key objects: Users (individual accounts), Groups (collections of users or devices), Service Principals (application identities), and Managed Identities (Azure-managed service principals).
RBAC vs. Entra ID Roles
A commonly confused AZ-900 distinction: Azure RBAC controls access to Azure resources (VMs, storage accounts, resource groups) and is scoped to subscriptions, resource groups, or individual resources. Entra ID roles control access to Entra ID objects (users, groups, applications, devices) and are scoped within the Entra ID tenant. A Global Administrator in Entra ID does not automatically have access to Azure subscriptions. A Contributor in Azure RBAC cannot manage Entra ID users. The two role systems are separate.
# Assign Azure RBAC Contributor role at resource group scope
az role assignment create \
  --assignee user@contoso.com \
  --role Contributor \
  --scope '/subscriptions/<sub>/resourceGroups/myRG'
# This does NOT give access to manage Entra ID users — those need Entra ID roles