Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. To create access reviews for Azure AD roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role.
https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/delegate-by-task
Least privileged roles by task in Microsoft Entra ID
Create, update, or delete access review of a group or of an app- User Administrator
"To create access reviews for Microsoft Entra roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role."
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
Access reviews: User Administrator (with the exception of access reviews of Azure or Microsoft Entra roles, which require Privileged Role Administrator). In this case, the Access review is for an Azure role which requires Privileged Role Administrator.
https://learn.microsoft.com/en-us/entra/id-governance/identity-governance-overview?WT.mc_id=Portal-Microsoft_Azure_ELMAdmin#appendix---least-privileged-roles-for-managing-in-identity-governance-features
Look at the table here https://learn.microsoft.com/en-us/entra/id-governance/deploy-access-reviews#who-will-create-and-manage-access-reviews
Specifically the row "Microsoft Entra roles"
The correct answer is B. Identity Governance Administrator.
The Identity Governance Administrator role allows users to create and manage access reviews for Azure AD roles, as well as other identity governance features.
Privileged role administrator: This role allows users to manage all privileged roles in Azure AD. This is more permission than User1 needs, as they only need to be able to create access reviews for Azure AD roles.
This is actually correct. If people are studying for this test they should know by now that if something is referencing Azure AD the test will Mean Azure Entra ID
https://learn.microsoft.com/en-us/entra/id-governance/create-access-review
I stand corrected -
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources. To create access reviews for Microsoft Entra roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role.
Citation:
https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-create-roles-and-resource-roles-review#prerequisites
In Microsoft 365 (M365), users with specific roles can create access reviews for Azure Active Directory (Azure AD) roles. Here are the roles that can perform this task:
Global Administrator: Global administrators have full access to all administrative features in Microsoft 365 and Azure AD, including the ability to create access reviews for Azure AD roles.
Security Administrator: Security administrators have permissions to manage security-related settings in Azure AD, and they can create access reviews for Azure AD roles.
Privileged Role Administrator: Privileged Role Administrators can manage assignments for privileged roles in Azure AD, including the ability to create access reviews for these roles.
The correct answer is B. Identity Governance Administrator.
According to the web search results, the Identity Governance Administrator role can create and manage access reviews for Azure AD roles1. The Privileged role administrator role can only manage Azure AD roles, but not access reviews2. The User administrator and User Access Administrator roles do not have permissions to create or manage access reviews3.
To create access reviews for Azure resources, you must be assigned to the Owner or the User Access Administrator role for the Azure resources.
To create access reviews for Azure AD roles, you must be assigned to the Global Administrator or the Privileged Role Administrator role.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kanag1
Highly Voted 9 months agoJuanZ
Most Recent 1 week, 3 days agoklayytech
1 week, 6 days agorazit
1 month, 1 week agoLeuxah
3 months, 4 weeks agohaazybanj
5 months, 2 weeks agoNyamnyam
5 months, 3 weeks agohaazybanj
5 months, 4 weeks agothrowaway10188
3 months, 2 weeks agothrowaway10188
3 months agoitismadu
6 months, 1 week agoitismadu
6 months, 1 week agoshuhaidawahab
6 months, 3 weeks agorikicm
6 months, 3 weeks agoReinhart68
7 months agoEmnCours
8 months, 3 weeks agoFaizulHaque
8 months, 4 weeks agoeternalenvy
9 months agoeternalenvy
9 months ago