You have an Azure Active Directory (Azure AD) tenant that contains the groups shown in the following table. For which groups can you create an access review?
Tested: Technically you can create access review for Dynamic Device group (no errors/warnings during the creation), however it doesn't work and you will see a hitch "Warning - No access to review" for that access review in the list.
perfect input. but what about that "it says create an access review". you created the access review for dynamic device group. so do you agree that the answer is E?
Answer D: Both Copilot and Gemini. You are correct that dynamic groups, particularly those with dynamic user memberships, cannot have roles directly assigned to them. However, access reviews for dynamic groups can still be useful for several reasons:
Ensuring Compliance: Access reviews can help ensure that the dynamic membership rules are correctly configured and that the users who meet these criteria are appropriate for the group's intended purpose.
Auditing Membership Rules: Regular reviews can help audit the rules that define dynamic memberships, ensuring they are up-to-date and reflect current organizational policies.
Security and Governance: Even though roles cannot be assigned directly, dynamic groups can still be used for access control in applications and resources. Reviewing these groups helps maintain security and governance standards.
Monitoring Changes: Access reviews can help monitor changes in group membership over time, ensuring that any unexpected changes are identified and addressed promptly.
Yes, you can include both Microsoft 365 groups and security groups (including dynamic device groups) in an access review in Azure Active Directory (Azure AD) - From Co-pilot
The distribution of votes shows that there is indeed a lack of clarity within the community regarding this question. As discussed, Azure does allow for the creation of access reviews for Dynamic Device groups, but the usage of this feature is not meaningful or functional. Thus the strictly correct answer would indeed be:
E. Group1, Group2, Group3, Group4 and Group5
However, if the question is interpreted in terms of which groups can have a functionally meaningful access review, the answer would be:
D. Group1, Group2, Group4, and Group5 only
Microsoft in their official documentation does not explicitly mention device groups with regards to Access Reviews, which lends more weight to option D being the correct interpretation.
it is D - https://learn.microsoft.com/en-us/training/modules/plan-implement-manage-access-review/2-plan-for-access-reviews , mentions both Dynamic groups, and also, access review is for users
i hate this sort of questions, nobody knows what is the correct answer, because you can create the review for all of this groups. But it does not make sense because only users can be reviewed in the actual review.
We can create access review to all.
Note: we can also create access review to dynamic devices. though no access review can be seen , question is only asking for access review creation not for the actual review.
Reading through the below documentations I think suggested answers are wrong.
Right answer should be : B: Group 1 & 4 only (which are assigned roles)
Global administrators and Privileged Role administrators can create reviews on role-assignable groups. For more information, see Use Azure AD groups to manage role assignments.
https://learn.microsoft.com/en-us/azure/active-directory/governance/create-access-review
The membership type for role-assignable groups must be Assigned and can't be an Azure AD dynamic group. Automated population of dynamic groups could lead to an unwanted account being added to the group and thus assigned to the role.
https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept
i dont get the point of creating access review for DYNAMIC group since members or devices are added based on condition......whats the point or use case here
This section is not available anymore. Please use the main Exam Page.SC-300 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
zmlapq99
Highly Voted 3 years, 4 months agoa6792d4
1 year, 1 month agosapien45
2 years, 11 months agoMajorUrs
Highly Voted 4 years, 1 month agoObi_Wan_Jacoby
Most Recent 1 month, 4 weeks agoCams420
5 months, 3 weeks agoMatt19
8 months, 2 weeks agoANiMOSiTYOP
1 year, 3 months agojim85
11 months, 3 weeks agokijken
1 year, 6 months agokijken
1 year, 6 months agoNyamnyam
1 year, 7 months agoSorrynotsorry
1 year, 7 months agoonelove01
1 year, 6 months agoAK_1234
1 year, 8 months agoACSC
1 year, 8 months agoLogitech
1 year, 9 months agoVince_MCT
1 year, 10 months agoEmnCours
1 year, 11 months agoOK2020
1 year, 11 months agodule27
1 year, 11 months agochikorita
2 years, 3 months agokmk_01
2 years, 2 months ago