ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 79 discussion

Actual exam question from Microsoft's MS-100
Question #: 79
Topic #: 3
[All MS-100 Questions]

HOTSPOT -
Your company has a Microsoft 365 subscription that contains the users shown in the following table.

External collaboration settings have default configuration.
You need to identify which users can perform the following administrative tasks:
✑ Modify the password protection policy.
✑ Create guest user accounts.
Which users should you identify for each task? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Only a Global Admin can modify the password protection policy.
A Global Admin or a user with the Guest Inviter role can create guest accounts.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-operations
by prepre at April 24, 2021, 8:52 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
itstudy369
Highly Voted 4 years, 1 month ago
Answer for the 1st question is User1 and User2. 2nd question is all users.
upvoted 29 times
densyo
4 years ago
Correct. Global Administrator and Security administrator can modify password protection. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference "External collaboration settings have default configuration." By default, all users, including guests, can invite guest users. https://docs.microsoft.com/en-us/azure/active-directory/external-identities/delegate-invitations
upvoted 4 times
girikedar
3 years, 10 months ago
Exactly You are absolutely Rigth.. Only Global Administrator & Security Administrator are Eligible to perform Password Protection, but i am in doubt that there is Guest Inviter
upvoted 3 times
...
Turak64
3 years, 10 months ago
Inviting a guest user is not the same as creating one!
upvoted 9 times
BoxGhost
3 years, 3 months ago
Agreed. I would go with User 1 and User 2 only based on the article below. https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal To complete the scenario in this tutorial, you need: A role that allows you to create users in your tenant directory, like the Global Administrator role or any of the limited administrator directory roles such as guest inviter or user administrator.
upvoted 1 times
...
...
...
tf444
3 years, 7 months ago
Do you realize User 2 is also a guest inviter?
upvoted 1 times
...
Ronger
4 years, 1 month ago
Create new guests users, not invite! "You must be a global administrator to perform this task." https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
upvoted 12 times
Ogabs
3 years, 5 months ago
Anyone in the organization can invite guest users including guests and non-admins (most inclusive) Creating new guest user in Azure AD can be done by any user if the External Collaboration setting is default. I've tested this myself: 1. I've logged in to portal.azure.com using a regular (non-admin) account 2. I navigated to Azure AD > Users 3. Clicked New guest user 4. Select Invite user > Type email address 5. Click Invite This is how you create a guest user in Azure AD. Answer is U1,2,3 & 4
upvoted 3 times
jage01
3 years, 4 months ago
Invite with Global admin account vs the other 3 is different. Just created a guest account with the Global Account, and here to have access to give them access to Groups and Roles. But with 2,3,4 - you can just invite with no options.
upvoted 1 times
...
...
michszym
4 years, 1 month ago
See link you provided: A role that allows you to create users in your tenant directory, like the Global Administrator role or any of the limited administrator directory roles such as guest inviter or user administrator.
upvoted 8 times
...
...
...
TimurKazan
Highly Voted 3 years, 10 months ago
Q1- user 1 and 2 Q2 - user 1 create guest users is different from invite users
upvoted 23 times
...
thehighlandcow
Most Recent 2 years, 3 months ago
Just created a security administrator user. This is able to change the password protection policy within Azure AD. Security administrator cannot CREATE guest users, can only INVITE external users. - Have just tested this, so please test yourselves.
upvoted 1 times
thehighlandcow
2 years, 3 months ago
Ignore the second part. I've just read up about creating guest users....Creating guest users is to INVITE a user, so the security administrator can do this...my bad!
upvoted 1 times
...
...
Meebler
2 years, 4 months ago
Anyone with an Azure tenant can tets this out themselves, I just did Azure->Users->"+ New User"-> you get 2 options 1)Create new user 2)Invite external user just below it, there is an option that says "Help me decide": Authorization for "Create a new user" = Global Admin and user Admin Authorization for "Invite a guest user" = controlled by your directory setting, (And points you to a path) Now the question states... Default config is applied. This question is referring to Inviting a guest user to your tenant as creating an account is assuming that the user is part of your organization and not a guest. "-Create a new guest user in Azure AD, similar to how you'd add a new user. -Assign guest users to apps or groups. -Send an invitation email that contains a redemption link, or send a direct link to an app you want to share." (And gives you a screenshot) Source: https://learn.microsoft.com/en-us/azure/active-directory/external-identities/what-is-b2b#easily-invite-guest-users-from-the-azure-portal
upvoted 1 times
Meebler
2 years, 4 months ago
"Specify who can invite guests: By default, all users in your organization, including B2B collaboration guest users, can invite external users to B2B collaboration. If you want to limit the ability to send invitations, you can turn invitations on or off for everyone, or limit invitations to certain roles." Source: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/external-identities/external-collaboration-settings-configure.md#configure-external-collaboration-settings
upvoted 1 times
Meebler
2 years, 4 months ago
So the answers are: User1 and User2 only User1, User2, User3, and User4 Source for Password protection: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-policy-administrator Source for Guest Invite permissions: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/active-directory/external-identities/external-collaboration-settings-configure.md#configure-external-collaboration-settings
upvoted 1 times
...
...
...
Feyenoord
2 years, 4 months ago
Guys please test these kind of things.. I just did, the answers are: User 1 & 2 Only User 1, User 2 & User 4
upvoted 3 times
fessebook
2 years, 3 months ago
Sorry but you're wrong. Any user can invite guests (guests user are created automatically when you invite) So answer for the second part is User1, User2, User3 and User 4
upvoted 1 times
...
...
agnesmandriva
2 years, 6 months ago
2nd https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal A role that allows you to create users in your tenant directory, such as the Global Administrator role or a limited administrator directory role (for example, Guest inviter or User administrator).
upvoted 1 times
...
MEG
3 years, 2 months ago
User1 only can modify the password protection policy. Check this url: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator AND search "password protection policy".
upvoted 2 times
...
briandavisrtr
3 years, 3 months ago
B, B - Why user2 only for "create guest user accounts"? See Prerequisites in this article. https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
upvoted 1 times
...
RazielLycas
3 years, 5 months ago
When is "create" gueast is always mispelled, if you try to "Create" a guest user in AAD it brings you to INVITE it, the same if you perform the task on Powershell https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-invite-powershell The question is mispelled at the root, if default values are left in place every user is able to invite guest https://docs.microsoft.com/en-us/microsoft-365/solutions/microsoft-365-guest-settings?view=o365-worldwide .. if only Microsoft could stops spraying in multiple places the same thing and collect them in one damn place
upvoted 1 times
...
Senzokuhle
3 years, 5 months ago
The answer is correct. It is currently appearing on AZ 104 as well.
upvoted 1 times
...
joergsi
3 years, 6 months ago
About Question 1: https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator Security Admin can change policies Question 2 https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal Prerequisites A role that allows you to create users in your tenant directory, like the Global Administrator role or any of the limited administrator directory roles such as guest inviter or user administrator.
upvoted 1 times
...
LillyLiver
3 years, 6 months ago
So, I had to look at this in my tenant. Q1: Modify the password protection policy: User1 and User2 only. Global admins and Security Admins can change the password policy. As well as user administrators, but none of these users are user admins, aside from the GA. Q2: Create new guest users in Microsoft Azure Active Directory (Azure AD): User1/2/3/4. External collaboration settings have the default settings. That means all users are allowed to invite guests to the domain. When you invite a guest, it creates a guest account. So they are one-in-the-same. User2 has the Guest Inviter role assigned, which is not needed due to the default collaboration settings. The only time you need to use the Guest Inviter role is when you have restricted who can invite others.
upvoted 8 times
...
Wojer
3 years, 6 months ago
A role that allows you to create users in your tenant, like Global Administrator role or any of the limited administrator directory roles such as guest inviter or user administrator will allow you to create Guest Account
upvoted 1 times
...
TashaGirl
3 years, 6 months ago
It is: Modify password policy - Global Admin, Security Admin. Create (Invite!) users in Azure AD - Global Admin, Security Admin, Password Admin. User with no admin role assigned will be denied access to Azure AD blade.
upvoted 3 times
...
jill44
3 years, 6 months ago
External collaboration settings have a default configuration, everyone can invite guest users. User 1, User 2 can modify ,creat PPP
upvoted 1 times
...
trackexam01
3 years, 7 months ago
answer for 2nd question : user1 and user2 only https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal
upvoted 1 times
...
Jeff8989
3 years, 7 months ago
Security admin can modify password protection. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel