ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 3 question 13 discussion

Actual exam question from Microsoft's AZ-303
Question #: 13
Topic #: 3
[All AZ-303 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that Admin1 can create access reviews in contoso.com.
Solution: You assign the Global administrator role to Admin1.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
✑ Conduct access reviews to ensure users still need roles
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
by tmfahim at Jan. 2, 2021, 5:32 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
lolo13698
Highly Voted 4 years ago
It should be NO. The questions says the user is already member of "user administrator" which is a prerequisite for Access Review. So giving the user the global admin role can't be the answer. Something else is needed (maybe the P2 licence)
upvoted 27 times
Myfeltf65
4 years ago
Answer is correct https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
upvoted 4 times
...
gizda2
3 years, 8 months ago
this is a perfect example of how a totally false answer can be the highest voted....
upvoted 10 times
examineezer
3 years, 8 months ago
You are right. It should be YES. From below: Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#how-many-licenses-must-you-have
upvoted 4 times
hogtrough
3 years, 7 months ago
That doesn't explain how giving global administrator rights would solve the issue though, it just explains that license is not the issue. Both user administrators and global administrators can perform these tasks, so since the user is already a member of user administrator, global administrator provides no additional value.
upvoted 5 times
...
vvvlloydvvv
3 years, 6 months ago
You are correct that the person setting the access review doesn't require a P2 license. However, the tenant does require a P2 license. Otherwise, no users will be available to conduct the review.
upvoted 3 times
...
...
...
Azurefox79
3 years, 6 months ago
Incorrect - the key here is that they have the correct role for access reviews and also since the other identity gov options are there they have the correct license. PIM is needed but you have to configure PIM. To configure PIM you must be a GA, i've done this several times. Then you can use access review.
upvoted 4 times
gizda2
3 years, 6 months ago
This one!
upvoted 1 times
...
...
...
tmfahim
Highly Voted 4 years, 5 months ago
should be "Yes"
upvoted 14 times
SyntaxError
4 years, 5 months ago
Please see comments here: https://www.examtopics.com/discussions/microsoft/view/13260-exam-az-300-topic-16-question-5-discussion/
upvoted 2 times
...
...
ishin999
Most Recent 3 years, 5 months ago
I think there may be a bit of confusion here....The answer is NO... My understanding of this is that P2 is required at the tenant level...you don't have to allocate a P2 licence to Global admin or User admin to use access review....BUT...you need to allocate any other user a P2 licence out of the licencing pool to allow them to set up access reviews....The fact in this case that the user mentioned has "user admin" already and can't use access reviews indicates that the tenant does not have P2....granting GA will not meet the requirement
upvoted 1 times
...
therealss
3 years, 5 months ago
i believe the answer is yes. another poster mentioned that you already know you have P2 license installed from what you can see on the screen already. so by adding Global Admin role (plus we inferred P2 license is already present) that should be enough to enable the reviews.
upvoted 1 times
...
gcpbrig01
3 years, 6 months ago
Selected Answer: B
Being Global administrator still not help as the tenant needs to be onboarded for access first. hence the answer is no.
upvoted 1 times
gcpbrig01
3 years, 6 months ago
access review*
upvoted 1 times
...
...
Thisismynickname001
3 years, 9 months ago
Access Review prerequisites: > Azure AD Premium P2 > Global administrator or User administrator > Microsoft 365 and Security group owner (Preview) https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review#prerequisites If you are Global Administrator without a license and you try to use Access Review you'll see following error: Tenant does not have a valid license (EMS E5 or P2) required for Access reviews.
upvoted 4 times
Sam_997
3 years, 7 months ago
Just tested this in my subscription as a global admin. You need a P2 licence and Global or User admin rights. The answer should be NO
upvoted 2 times
...
...
mj4
3 years, 9 months ago
going with Yes, If Service admin cant get his access, then we need to give higher permission which is Global admin.
upvoted 1 times
...
mj4
3 years, 9 months ago
User administrator should have required permission, if not ask him to use access review in PIM Answer is B. No for all three questions
upvoted 1 times
...
syu31svc
3 years, 9 months ago
Answer is No https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
upvoted 1 times
...
kumarts
3 years, 9 months ago
Answer is Yes, refer https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
upvoted 2 times
...
network_zeal
3 years, 10 months ago
Answer is YES, as per Microsoft documentation, Azure AD Premium P2 licenses are NOT required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews.
upvoted 2 times
...
crazyaboutazure
3 years, 11 months ago
Answer is NO but reason is tenant is onboarded not given which is a requirement. After that if you want to create access review for AD role you need P2 license which is given in question and then you need to have either global or privileged admin role. User admin is suitable for creating access review for app and app group. Period.
upvoted 1 times
gizda2
3 years, 8 months ago
where did you read that "a user named Admin1" is privileged admin?
upvoted 1 times
...
...
akp1000
3 years, 11 months ago
Anser is Yes. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
upvoted 1 times
...
topicks
3 years, 11 months ago
Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews
upvoted 1 times
...
jd94
3 years, 12 months ago
6/12/2021. Passed the exam. YES
upvoted 4 times
...
Anu2020
3 years, 12 months ago
For Azure AD roles in Privileged Identity Management, only a user who is in the Privileged role administrator or Global administrator role can manage assignments for other administrators. You can grant access to other administrators to manage Privileged Identity Management. Global Administrators, Security Administrators, Global readers, and Security Readers can also view assignments to Azure AD roles in Privileged Identity Management.
upvoted 4 times
...
TSMRE
4 years ago
On exam 6/7/21, I said yes and passed the exam
upvoted 5 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel