ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-303 All Questions

View all questions & answers for the AZ-303 exam
Go to Exam

Exam AZ-303 topic 5 question 89 discussion

Actual exam question from Microsoft's AZ-303
Question #: 89
Topic #: 5
[All AZ-303 Questions]

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You consent to Azure AD Privileged Identity Management (PIM).
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
✑ Conduct access reviews to ensure users still need roles
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services like Office 365 or Microsoft
Intune.
References:
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
by xaccan at Jan. 10, 2021, 7:26 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
[Removed]
Highly Voted 4 years, 3 months ago
NO https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review Prerequisites: Azure AD Premium P2 Global administrator or User administrator (Admin is User administrator)
upvoted 22 times
...
Kraviecc
Highly Voted 4 years, 4 months ago
No is the correct answer. It looks like the tenant has not been onboarded yet.
upvoted 16 times
...
Rissan
Most Recent 3 years, 2 months ago
The question is not about license assumption is P2 license is already there. P2 license is a pre-requiste for PIM
upvoted 1 times
...
AD3
3 years, 4 months ago
Correction to my comment. The answer is YES.
upvoted 1 times
...
marmaduke
3 years, 4 months ago
Azure AD Premium P2 licenses are NOT required for the following tasks: No licenses are required for users who set up PIM, configure policies, receive alerts, and SET UP ACCESS REVIEWS. https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements
upvoted 2 times
...
jr_luciano
3 years, 5 months ago
Correct Answer: A (YES) The problem here is not license.
upvoted 2 times
...
J4U
3 years, 9 months ago
Correct: YES (All other options like Global Admin, P2 license etc are No as Admin1 is already a User Admin) Identity governance scope the access review to Teams + M365 Groups and Applications whereas PIM scope the access review for Users and Groups + Service Principal. So PIM is suitable place for access reviews. The pre-reqs are access review creator should be either User or Global Admin and they no need to have P2 license. However the reviewer should have P2 license to review it.
upvoted 6 times
...
syu31svc
3 years, 9 months ago
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-start-access-review https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review Answer is Yes
upvoted 1 times
tteesstt
3 years, 9 months ago
Both of your links clearly state the following: "Using this feature requires an Azure AD Premium P2 license." I have Owner and Global Administrator role but Access Review still asks me for license.
upvoted 2 times
...
...
tita_tovenaar
3 years, 10 months ago
Y - as commented earlier, P2 license is not needed to *create* access reviews. You need P2 to execute them. To use a metaphore, it's free and easy to sign up for a phone, but actual use costs money :-)
upvoted 3 times
...
nicksu
3 years, 11 months ago
This seem to be an outdated question. There is no need to consent to PIM anymore
upvoted 3 times
...
samsanta2012
4 years ago
NO. Prerequisite to create access reviews in PIM Azure AD Premium P2 license Owner or User Access Administrator Azure role for the resource https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-start-access-review#prerequisite-license
upvoted 2 times
...
Mj11Az
4 years ago
If an Azure AD Premium P2, EMS E5, or trial license expires, Privileged Identity Management features will no longer be available in your directory: But here they can able to consent the PIM i.e P2 license is available. Answer should be yes.
upvoted 2 times
...
AzureGC
4 years, 1 month ago
Y : PIM, See the note, here: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements Azure AD Premium P2 licenses are not required for the following tasks: No licenses are required for users who set up PIM, configure policies, receive alerts, and set up access reviews.
upvoted 4 times
...
DNeo
4 years, 2 months ago
Question doesn't mention about having Azure AD P2 license. Assuming it has already been there (Per user participating in Access Review), PIM should work here
upvoted 4 times
...
legendkiller84
4 years, 3 months ago
PIM also needs an Azure AD P2 license: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements
upvoted 2 times
...
Krsto
4 years, 3 months ago
Tenant does not have a valid license (EMS E5 or P2) required for Access reviews. You get this message when trying to see Access Reviews. And this is with Global admin role. In order to use this you need to have: Azure AD Premium P2 Global administrator or User administrator https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review
upvoted 3 times
...
OLO_90
4 years, 4 months ago
No, you need to purchase an Azure Directory Premium P2 license for contoso.com.
upvoted 1 times
Aghora
4 years, 4 months ago
no you dont , try and test it . you need Global Administrator or Privileged Role Administrator to do this , I tested without P2
upvoted 2 times
...
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel