Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.

Exam AZ-104 topic 6 question 5 discussion

Actual exam question from Microsoft's AZ-104
Question #: 5
Topic #: 6
[All AZ-104 Questions]

You have an Azure subscription that contains the identities shown in the following table.

User1, Principal1, and Group1 are assigned the Monitoring Reader role.
An action group named AG1 has the Email Azure Resource Manager Role notification type and is configured to email the Monitoring Reader role.
You create an alert rule named Alert1 that uses AG1.
You need to identity who will receive an email notification when Alert1 is triggered.
Who should you identify?

  • A. User1 and Principal1 only
  • B. User1, User2, Principal1, and Principal2
  • C. User1 only
  • D. User1 and User2 only
Show Suggested Answer Hide Answer
Suggested Answer: C ūüó≥ÔłŹ
Email will only be sent to Azure AD user members of the Monitoring Reader role. Email will not be sent to Azure AD groups or service principals.
Reference:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
mlantonis
Highly Voted 2 years, 6 months ago
Correct Answer: C Email will only be sent to Azure AD user members of the Monitoring Reader role. Email will not be sent to Azure AD groups or service principals. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#email-azure-resource-manager-role
upvoted 146 times
wsrudmen
1 year, 8 months ago
Yes it's not sent to a group. But User2 inherits of the Monitoring Reader role. So he will receive also the notification
upvoted 21 times
...
yaboo1617
7 months, 2 weeks ago
When you set up the Resource Manager role: Assign an entity of type User to the role. Make the assignment at the subscription level. Make sure an email address is configured for the user in their Azure AD profile.
upvoted 2 times
...
rawrkadia
2 years, 5 months ago
Did you actually test this? The question doesn't involve sending an email to a group but is instead concerned with role assignment inheritance from the group. The link you're all posting isn't necessarily relevant. User 2 should inherit the role assignment from the group, you can easily validate that in the portal. I am waiting out the 24hr lag period before testing. Alert group scoped to email on VM creation or deletion, one user assigned role directly and one via group. Will report back.
upvoted 12 times
panjie_s
2 years, 2 months ago
result?
upvoted 7 times
...
...
suriyaswamy
2 years, 3 months ago
Thanks for this Info
upvoted 2 times
...
...
[Removed]
Highly Voted 2 years, 6 months ago
Answer is D. AG sends to users that have 'reader' role, User2 inherits that role through Group1 membership.
upvoted 53 times
NotMeAnyWay
1 year, 4 months ago
Anwser c: User1 only Can't be true, just send 10 seconds reading this from MS Docs: https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#email-azure-resource-manager-role Only the users in the Manager Role receive the email alert, not the group members or Principals.
upvoted 11 times
garmatey
5 months, 3 weeks ago
why does this have 6 upvotes?
upvoted 1 times
garmatey
5 months, 1 week ago
Now 8? Yall, this person is wrong. No where in that documentation does it say "not the group ***members*** or Principals." It does however say "The email is only sent to Azure Active Directory user members of the selected role, not to Azure AD ***groups*** or service principals."
upvoted 1 times
...
...
Babushka
1 year ago
Folks that do say it's D are saying that's the answer because User 2 inherits Manager Role through Group 1. The AG is configured to send alert on the role which User 2 will have.
upvoted 2 times
...
Razvan123
1 year, 3 months ago
You should not confuse group email (generated on group creation) with individual emails for group members.
upvoted 3 times
...
...
green_arrow
2 years, 5 months ago
I'm agree
upvoted 5 times
...
...
neolisto
Most Recent 1 week, 2 days ago
Selected Answer: D
Correct answer is D. I have tested it in a lab. Logic of this alert is very simple. User1 received an email because he is directly assigned to the Monitoring Reader role (which is in Action group). User2 received alert because he has the same role as a User1, because he inherited this role from the Group1 assignment. It means, that notification was received not because Group1 was selected as a target of notifications in AG1 (1. Cuz it's not; 2. Group can't be assigned as an email receiver, because groups physically have no emails. Service Principals also can't have email address), but because of AG1 condition is set for Monitoring Reader role. Email was sent to User2, because User2 has the same role as a User1. Even if User1 is assigned directly and User2 inherit this role from his Group in AAD.
upvoted 2 times
...
ImpulseEEE
2 weeks, 2 days ago
Selected Answer: C
mlantonis Highly Voted 2 years, 6 months ago Correct Answer: C Email will only be sent to Azure AD user members of the Monitoring Reader role. Email will not be sent to Azure AD groups or service principals.
upvoted 2 times
...
samk01
1 month ago
User1 and User2 are Azure AD users. User1 is directly assigned the Monitoring Reader role, and User2 is a member of Group1, which is also assigned the Monitoring Reader role. However, since emails are not sent to groups, we would not consider User2 despite their membership in Group1. Furthermore, since emails are not sent to service principals (like Principal1 and Principal2), they would also not receive the email. Thus, only the direct user members of the Monitoring Reader role will receive the email. Based on the information provided: The correct answer is: C. User1 only
upvoted 2 times
...
Wuhao
1 month, 1 week ago
Selected Answer: D
User2 has Monitoring Reader role
upvoted 2 times
Batiste2023
3 weeks, 2 days ago
Yes. That is exactly what everyone who puts C forward as the right answer needs to understand: User2 has Monitoring Reader role and WILL receive that email...
upvoted 1 times
...
...
NoobieWon
2 months, 3 weeks ago
"Send an email to the subscription members, based on their role. A notification email is sent only to the primary email address configured for the Azure AD user. The email is only sent to Azure Active Directory user members of the selected role, not to Azure AD groups or service principals. See Email." https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#email-azure-resource-manager-role
upvoted 1 times
...
Ferlin
3 months, 1 week ago
Selected Answer: C
Email will only be sent to Azure AD user members of the Monitoring Reader role. Email will not be sent to Azure AD groups or service principals. Reference: https://docs.microsoft.com/en-us/azure/azure-monitor/platform/action-groups https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#email-azure-resource-manager-role
upvoted 1 times
...
RandomNickname
5 months, 2 weeks ago
Selected Answer: C
Agree with C as per explanation mlantonis. See; https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/action-groups#email-azure-resource-manager-role "Send an email to the subscription members, based on their role. A notification email is sent only to the primary email address configured for the Azure AD user. The email is only sent to Azure Active Directory user members of the selected role, not to Azure AD groups or service principals. See Email."
upvoted 2 times
...
rishisoft1
5 months, 2 weeks ago
When you use Azure Resource Manager for email notifications, you can send email to the members of a subscription's role. Email is only sent to Azure Active Directory (Azure AD) user members of the role. Email isn't sent to Azure AD groups or service principals.
upvoted 1 times
...
mahe0204
5 months, 3 weeks ago
Selected Answer: C
Correct Answer is C - User1 Only User1: User1 is assigned the Monitoring Reader role, so they will receive the email notification when Alert1 is triggered. User2: Although User2 is a user and a member of Group1, which is assigned the Monitoring Reader role, individual users take precedence over groups for email notifications. Therefore, User2 will not receive the email notification. Principal1: Principal1 is a Managed Identity and is not a member of any group. Therefore, Principal1 will not receive the email notification. Principal2: Principal2 is a Managed Identity and a member of Group1, which is assigned the Monitoring Reader role. However, individual users take precedence over groups for email notifications. Therefore, Principal2 will not receive the email notification. To summarize, only User1 will receive the email notification when Alert1 is triggered because they have the Monitoring Reader role assigned directly.
upvoted 1 times
garmatey
5 months, 3 weeks ago
source?
upvoted 2 times
...
...
SIAMIANJI
6 months, 2 weeks ago
Selected Answer: D
User1 and User2 only
upvoted 1 times
...
SedateBloggs
9 months, 1 week ago
I Lab'd this by creating a test user account and adding that test user to an azure group that had an Azure Role assignment setup against it (i happened to use the Contributor role, but it can be any role). The test user did NOT have any direct azure role assigned it it. I then setup an action group with the action to email the azure resource manager role (and selected contributor). I then tested the action group and a few minutes later the test email popped into the test users mailbox. This to me indicates that even though the role assignment is to a group, the users nested in that group would receive the alert from the action group. I would therefore suggest it is User 1 and User 2 in this scenario
upvoted 17 times
...
lombri
9 months, 1 week ago
Selected Answer: D
in this scenario, User2 is a member of Group1, which is assigned the Monitoring Reader role. As a result, User2 will inherit the Monitoring Reader role from the group and will be able to receive email notifications when the alert rule named Alert1 is triggered.
upvoted 2 times
...
manthlan
9 months, 3 weeks ago
If an email is not going to be sent to group1 in the first place ,so how is user2 as a member of the group going to receive the email?
upvoted 2 times
...
GBAU
9 months, 3 weeks ago
Everyone be like "Email will not be sent to Azure AD groups or service principals." I be like, "What about Azure AD groups MEMBERS" Mail enabled groups exist, so they definitely wouldn't get any notification email from the above, but what about the members of the group, they inherit the assignment that would qualify them for the email? I think I have to assume it means both, the Group and its members leaving C the answer.
upvoted 1 times
GBAU
9 months, 3 weeks ago
As in, when MS coded it, they only parse the Role Membership for Users and they ignore Groups and Principals. They do not traverse Groups (and possibly sub-groups) in the role looking for more Users. They shortcutted their coding, maybe to reduce load and latency on the actions process.
upvoted 2 times
...
...
AndreaStack
10 months ago
Correct Answer: D User1 and User2 only. To be precise, Managed Identities (Principal1 and Principal2)DO NOT HAVE an email address associated with them and therefore CANNOT receive email notifications from Azure Alerts. In this scenario, only User1 and User2 (as members of Group1) will receive email notifications when the Alert1 is triggered. User2 inherits the Monitoring Reader role from his group, Group1. In Azure Active Directory (Azure AD), you can assign roles to groups, and then add users as members to those groups. Members of a group will inherit the role assignments of the group, allowing you to manage role assignments for multiple users in a centralized way. So, in this scenario, User2 is a member of Group1, which is assigned the Monitoring Reader role. As a result, User2 will inherit the Monitoring Reader role from the group and will be able to receive email notifications when the alert rule named Alert1 is triggered.
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...