ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 1 question 77 discussion

Actual exam question from Microsoft's AZ-303
Question #: 77
Topic #: 1
[All AZ-303 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Service administrator role to Admin1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
✑ Conduct access reviews to ensure users still need roles
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
by ercank at Aug. 14, 2020, 9:57 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
JasonYin
Highly Voted 4 years, 8 months ago
Answer should be No. Test in lab, must have one P2 license at least. Then both Global admin and User Administrator Role will be able to do. Admin1 already has User Administrators Role, no need Global Admin role.
upvoted 15 times
Amit3
4 years, 2 months ago
I agree, I tested it as well, you would need P2 license even with Global Admin Role.
upvoted 3 times
...
...
ercank
Highly Voted 4 years, 11 months ago
Definitely YES. I tested it. Global Administrator role make it possible.
upvoted 7 times
pentium75
4 years, 1 month ago
But Admin1 in that example IS NOT "Global Administrator".
upvoted 7 times
...
Wattie
4 years, 11 months ago
Answer should be yes as either the Global admin or Privileged Role admin can do the job
upvoted 2 times
...
temporal111
4 years, 10 months ago
"Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews". With the previos extract, we can think that the correct answer is "No", because, the Admin1 already has "user administrator" role assigned to him.
upvoted 4 times
PieDev
4 years, 9 months ago
So if the answer is no then, you would still need the P2 license and have either Global or User Admin role? Correct?
upvoted 1 times
...
...
...
JayBee65
Most Recent 3 years, 6 months ago
So what we are saying here is that the Admin has the rights they required but AAD does not support it since "Access reviews settings are unavailable", and so a P2 license must not be available, so assigning extra permissions won't help anything.
upvoted 1 times
...
Nands23
3 years, 7 months ago
This was on today's exam. 12/29/2021 correct answer
upvoted 1 times
...
syu31svc
3 years, 11 months ago
Answer is No https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review Prerequisites Azure AD Premium P2 Global administrator or User administrator Microsoft 365 and Security group owner (Preview)
upvoted 6 times
...
leahchawas
4 years ago
For access reviews to be possible ,a Tenant needs an Az AD Premium P2 licence to be assigned to the tenant 1st.If this licence is assigned User Administration role should suffice to achieve access reviews.In this case there is no Premium P2 licence assigned to the tenant and so i think NO is the correct answer here ...
upvoted 3 times
...
pentium75
4 years, 1 month ago
https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review "Prerequisites: Azure AD Premium P2, Global administrator or User administrator, Microsoft 365 and Security group owner (Preview)" Per this, User Administrator should have the permission. If it still is not there, then it's probably due lack of P2. In any case, "Service Administrator" has nothing to do with it, so the answer to THIS specific question ('does assigning Service Administrator fix the issue') is definitely NO.
upvoted 6 times
...
El_Hechizo
4 years, 1 month ago
according to Create an access review of groups & applications - Azure AD | Microsoft Docs user administrator can create access reviews if admin1 can't do it should be because they don't have the P2 Licence. Therefore answer is NO
upvoted 1 times
...
jd94
4 years, 1 month ago
6/12/2021. Passed the exam. NO
upvoted 2 times
...
nfett
4 years, 1 month ago
A is the answer per https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles
upvoted 1 times
...
ManuPadipura
4 years, 10 months ago
Anyone know what is the correct answer?
upvoted 4 times
...
Guilherme
4 years, 10 months ago
I think the correct answer would be "Onboard the Tenant to allow for access reviews", because he is already a user administrator and already have an Azure P2 Licence (all the other identity Governance settings are available)
upvoted 2 times
...
jh5280
4 years, 11 months ago
So to me, based on this URL: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#license-requirements Seems that once you assign the global administrator role, you don't need the P2 license, therefor, base on the above question it should satisfy the need as Admin1 has the Global Administrator role, is this not correct?
upvoted 4 times
Sri_N
4 years, 11 months ago
It depends on how you create the review, In most cases you will need at least one depending on who does the review.
upvoted 1 times
...
bc5468521
4 years, 10 months ago
true, the user administrator does not require a license to create access review either. The issue is not a global admin or user admin or license; the issue is the user does not consent to PIM term. the answer is NO
upvoted 3 times
...
...
Aand1234
4 years, 11 months ago
No, as it doesn't have P2 license. It requires both P2 license and Role
upvoted 3 times
Sri_N
4 years, 11 months ago
P2 license is already applied refer the following statement "Admin1 discovers that all the other identity Governance settings are available."
upvoted 4 times
Rayrichi
4 years, 10 months ago
@Sri_N what answer would you recommend?
upvoted 1 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel