ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 88 discussion

Actual exam question from Microsoft's MS-500
Question #: 88
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can review Conditional Access policies.

Solution: You assign User1 the Authentication Administrator role.

Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by smiff at April 11, 2023, 1:42 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DavidBM
2 years ago
Selected Answer: B
No, assigning User1 the Authentication Administrator role will not allow them to review Conditional Access policies. The Authentication Administrator role allows users to manage authentication features and settings for Azure Active Directory (Azure AD), such as password policies and multi-factor authentication Therefore, the answer is B. No.
upvoted 2 times
...
AnonymousJhb
2 years, 2 months ago
Selected Answer: B
Assigning the Authentication Administrator role to User1 would not meet the goal of allowing them to review Conditional Access policies. The Authentication Administrator role is a high-privileged role in Azure AD that provides full access to manage authentication methods and passwords for all users in the directory. This role does not provide access to Conditional Access policies or any other security-related features.
upvoted 4 times
...
RomanV
2 years, 2 months ago
B. No. Assigning the Authentication Administrator role to User1 would not meet the goal of allowing them to review Conditional Access policies. The Authentication Administrator role is a high-privileged role in Azure AD that provides full access to manage authentication methods and passwords for all users in the directory. This role does not provide access to Conditional Access policies or any other security-related features. Therefore, assigning the Authentication Administrator role to User1 would not provide them with the necessary permissions to review Conditional Access policies. A more appropriate solution would be to assign them the Security Reader role, which provides read-only access to security-related information in Azure AD, including Conditional Access policies.
upvoted 1 times
RomanV
2 years, 2 months ago
To see applied Conditional Access policies in the sign-in logs, administrators must have permissions to view both the logs and the policies. The least privileged built-in role that grants both permissions is Security Reader. As a best practice, your Global Administrator should add the Security Reader role to the related administrator accounts. The following built-in roles grant permissions to read Conditional Access policies: Global Administrator Global Reader Security Administrator Security Reader Conditional Access Administrator The following built-in roles grant permission to view sign-in logs: Global Administrator Security Administrator Security Reader Global Reader Reports Reader Source: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/how-to-view-applied-conditional-access-policies
upvoted 3 times
...
...
V1nc3n7
2 years, 2 months ago
Selected Answer: B
https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-administrator does not list microsoft.directory/conditionalAccessPolicies/standard/read
upvoted 1 times
...
smiff
2 years, 2 months ago
Selected Answer: B
Answer: No https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/how-to-view-applied-conditional-access-policies
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel