If you are reading this text, it’s likely that you are interested in the Azure Cloud environment.

To land a job as a DevOps Engineer or Cloud Architect in an Azure environment, it is very important to pass the AZ-104 exam and become a certified Microsoft Azure Administrator, which is often a requirement for many companies.

For more details about the exam, visit: https://learn.microsoft.com/en-us/certifications/exams/az-104/

So, let’s get started!

EntraID (known as Azure AD)

Entra ID is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources.

Entra ID takes this approach to the next level by providing organizations with an Identity as a Service (IDaaS) solution for all their apps across cloud and on-premises.

Entra ID licenses:

  1. Free MFA, SSO, Basic Security and Usage Reports, User Management
  2. Office 365 Apps Company Branding, SLA, Two-Sync between On-Premise and Cloud
  3. Premium 1 Hybrid Architecture, Advanced Group Access, Conditional Access
  4. Premium 2 Identity Protection, Identity Governance

Entra ID can authorize and authenticate to multiple sources:

Active Directory Terminology:


A domain is an area of a network organized around a single authentication database.

An Active Directory (AD) domain is a logical grouping of AD objects on a network.

Domain Controller (DC)

A domain controller is a server that authenticates user identities and authorizes their access to resources.

Domain Computer

A domain computer is a computer that is registered with a central authentication database. It is considered an AD object.

AD Object

An AD object is a basic element of Active Directory, such as:

Group Policy Object (GPO)

A Group Policy Object is a virtual collection of policy settings. It controls what AD objects have access to.

Organizational Units (OU)

An Organizational Unit is a subdivision within an Active Directory into which you can place users, groups, computers, and other organizational units.

Directory Service

A directory service, such as Active Directory Domain Services (AD DS), provides the methods for storing directory data and making this data available to network users and administrators. A Directory service runs on a Domain Controller.


A tenant represents an organization in Entra ID.

A tenant is a dedicated Entra ID service instance.

A tenant is automatically created when you sign up for:

Question 1:

What is Entra ID?

Show Answer

B) Microsoft’s cloud-based identity and access management service.

Question 2:

What can Entra ID authorize and authenticate to?

Show Answer

D) Multiple sources such as on-premise AD, web-applications, and Azure Microsoft.

Question 3:

What is a tenant in the context of Entra ID?

Show Answer

C) A dedicated Entra ID service instance representing an organization.

Azure Roles

Within Azure, there are 3 kinds of roles:

1. Classic Roles: These are subscription administrator roles, representing the original role system.
2. Azure Roles: This is an authorization system known as Role-Based Access Controls (RBAC) and is built on top of Azure Resource Manager.
3. Entra ID Roles: Entra ID roles are used to manage Entra ID resources in a directory.

Identity Access Management (IAM) allows you to create and assign roles to users.

Azure Roles (RBAC System)

Roles restrict access to resource actions (also known as operations). There are two types of roles:

Role Assignment

Role assignment is when you apply a role to:

Classic Administrators is the original role system. It is recommended to use the new RBAC system whenever possible.

Classic Administrators have three types of roles:

Here are a few important built-in Entra ID roles you should know:

You can create custom roles, but you need to purchase either Entra ID Premium P1 or P2.

Question 4:

What are the three kinds of roles in Azure?

Show Answer

B) Classic Roles, Azure Roles, Entra ID Roles

Question 5:

Which of the following statements is true about Classic Administrator roles in Azure?

Show Answer

D) The Service Administrator has the same access as a user assigned the Owner role at the subscription scope.

Question 6:

What is necessary to create custom roles in Azure?

Show Answer

A) Purchase of Entra ID Premium P1 or P2

Final thoughts

In this article, we’ve covered the basics of Entra ID and Azure Roles, provided key terminology and insights, and tested your knowledge with a quiz. By understanding these aspects of Azure, you’re well on your way to becoming proficient in Azure and potentially landing a job in the Azure environment.

We hope that you found this information helpful and that it clarified any questions you had. Stay tuned for more articles to further your understanding of Azure and other cloud technologies.

Follow IncreDevo blog and media – more lessons are about to come!

There are also some lessons provided by Microsoft in terms of AZ-104:


One Response

Leave a Reply

Your email address will not be published. Required fields are marked *