Identity (Entra ID)
⏱ ~3-min readAceMark GuideWhat this topic is really about
A Service Principal is a security identity created for use with applications, hosted services, and automated tools to access specific Azure resources. It represents an application identity rather than a physical user account, making Option A incorrect. Subscriptions and regions (Options C and D) are organizational and geographic concepts, not identities.
Conditional Access analyzes signals such as user identity, location, and device state to make automated access control decisions for applications. It is an identity-based security tool rather than an infrastructure tool, meaning it cannot be used to configure DNS or set virtual machine sizes.
See the mechanism
Conditional Access analyzes signals such as user identity, location, and device state to make automated access control decisions for applications. A diagram for this topic isn't available yet — the worked example below walks the same reasoning step by step.
An exam-style question, fully explained
Conditional Access in Entra ID is used to:
- Identify what the question tests: Conditional Access in Entra ID is used to:.
- Conditional Access analyzes signals such as user identity, location, and device state to make automated access control decisions for applications.
- It is an identity-based security tool rather than an infrastructure tool, meaning it cannot be used to configure DNS or set virtual machine sizes.
Traps the examiner sets
- It represents an application identity rather than a physical user account, making Option A incorrect.
- It does not synchronize source code, logs, or resources to AWS, making the other options incorrect.
Test your recall
Answer each from memory — you'll see instantly whether you're right and why.
Run a focused 10-question mini-mock on Identity (Entra ID) and see it stick.
Practice more of this topic →