ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 1 question 56 discussion

Actual exam question from Microsoft's SC-300
Question #: 56
Topic #: 1
[All SC-300 Questions]

You have an Azure AD tenant that contains a user named Admin1.

You need to ensure that Admin1 can perform only the following tasks:

• From the Microsoft 365 admin center, create and manage service requests.
• From the Microsoft 365 admin center, read and configure service health.
• From the Azure portal, create and manage support tickets.

The solution must minimize administrative effort.

What should you do?

  • A. Create an administrative unit and add Admin1.
  • B. Enable Azure AD Privileged Identity Management (PIM) for Admin1.
  • C. Assign Admin1 the Helpdesk Administrator role.
  • D. Create a custom role and assign the role to Admin1.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by kanag1 at Aug. 1, 2023, 9:37 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
hellawaits111
Highly Voted 2 years ago
Selected Answer: C
Role explained here: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#helpdesk-administrator
upvoted 18 times
Logitech
1 year, 10 months ago
You need to ensure that Admin1 can perform only the following tasks... Sounds pretty clear that the user should not be able to to more than this 3 things. With Helpdesk Admin you can do more. Really supid MS Question again.... D should be the answer.
upvoted 9 times
...
Alcpt
1 year, 2 months ago
nope The answer is D. Users with Helpdesk Administrator role can: change passwords, Invalidate refresh tokens, Create and manage support requests with Microsoft for Azure and Microsoft 365 services, and MONITOR service health. To CREATE a support request: You must have the Owner, Contributor, or Support Request Contributor role, or a CUSTOM role with Microsoft.Support/*, at the subscription level. A Helpdesk Admin CANNOT CREATE and MANAGE support tickets. You are forced to create a custom role to 1. satisfy all your needs , 2. least admin has no choice here.
upvoted 10 times
photon99
7 months, 3 weeks ago
You are wrong. Helpdesk Admin CAN create Support Tickets: microsoft.azure.supportTickets/allEntities/allTasks : Create and manage Azure support tickets : https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator
upvoted 6 times
Giuseppe_Geraci
2 months, 2 weeks ago
The question says: ONLY. Heldesk can do more.
upvoted 1 times
...
...
...
...
Nyamnyam
Highly Voted 1 year, 8 months ago
Selected Answer: D
ONLY the following tasks. Indeed Helpdesk Admin can fulfill the three requirements, but has other permissions, which are labeled PRIVILEGED in https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator
upvoted 14 times
...
Aikendrum
Most Recent 1 month, 1 week ago
Selected Answer: D
To meet these specific requirements while minimizing administrative overhead, the optimal solution is to assign the "Service Support Administrator" role to Admin1. Here’s why this works: The Service Support Administrator role allows a user to: Create and manage support requests in both the Microsoft 365 admin center and the Azure portal. View and configure Service Health and Message Center notifications in Microsoft 365. It does not grant broader administrative privileges—making it ideal for least-privilege scenarios. Why this is the best fit it covers all three tasks listed. It’s a built-in role, so you don’t need to create a custom one. Assigning it is straightforward, reducing administrative effort.
upvoted 1 times
...
AcTiVeGrEnAdE
3 months ago
Selected Answer: D
This question tests reading comprehension. While the Helpdesk Administrator role meets the following requirements: Create and manage Azure support tickets microsoft.azure.supportTickets/allEntities/allTasks Read and configure Service Health in the Microsoft 365 admin center microsoft.office365.serviceHealth/allEntities/allTasks Create and manage Microsoft 365 service requests microsoft.office365.supportTickets/allEntities/allTasks the questions is asking for least privilege to only allow what is listed above and that can only be done with a custom role....so D is the answer.
upvoted 1 times
...
YesPlease
5 months, 2 weeks ago
Selected Answer: D
Answer) D Helpdesk Administrator CANNOT configure service health...so this is why answer is D and not "Helpdesk Administrator"
upvoted 1 times
...
vdnh00
6 months ago
Selected Answer: C
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator
upvoted 2 times
...
penatuna
10 months ago
D. I would say that least privileged is always more important than minimizing administrative effort.
upvoted 1 times
...
omnomsnom
1 year, 1 month ago
In the real world, the Service Support Administrator role exists for this use case.
upvoted 1 times
...
bpaccount
1 year, 3 months ago
Selected Answer: C
It's C, a custom role isnt the least administrative effort.
upvoted 1 times
...
Justin0020
1 year, 3 months ago
Selected Answer: C
The best solution is D, de one with the least administrative effort is C so i say C.
upvoted 2 times
...
emartiy
1 year, 4 months ago
Selected Answer: D
need to ensure that Admin1 can perform only the following tasks means that create a custom role an assign what you want a user can perform as admin :) D - D - D - D - ::)))
upvoted 4 times
...
Er_01
1 year, 5 months ago
Selected Answer: C
Help desk admin - description - role permissions. Here, the 3 items in the question are listed under lines 5,6,8 verbatim.
upvoted 1 times
...
Er_01
1 year, 7 months ago
Selected Answer: D
It is for ONLY these items and HD Admin does alot more so a custom role for it fits the bill.
upvoted 5 times
...
marco_aimi
1 year, 7 months ago
"minimize administrative effort" using custom role? hum..
upvoted 5 times
...
RoelvD
1 year, 7 months ago
Selected Answer: D
"can perform only".. Helpdesk admin can do more then that. So D.
upvoted 5 times
...
onelove01
1 year, 8 months ago
Selected Answer: D
Key word here is "ONLY", implying they can't perform any task outside of the three listed. D is the correct answer
upvoted 8 times
...
Alscoran
1 year, 8 months ago
Selected Answer: D
It doesn't ask for password resets so why would you give such privileges. Has to be D.
upvoted 6 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel