Exam MS-100 topic 3 question 62 discussion

Was in my exam today 05/08/22.

Correct

box 1- answer 1 and 3. Box 2 is correct - this description from azure user admin role - microsoft.directory/users/manager/update Update manager for users

Apology, by mistake I posted my answer here for Question 3, Topic 8 Admin 1 and Admin 3 Only Service Health

This is very weird that all comments are not tested: You can view Microsoft 365 incidents in the Microsoft 365 admin center. Here's how: Sign in to the Microsoft 365 admin center using your admin credentials. In the left navigation pane, click on the Health tab. Under the Service health section, you can view the current status of your services, incidents, advisories, and planned maintenance events. To view more details about an incident, click on the incident and you will be taken to the Service health page for that specific incident. The "Security Reader" and "Security Administrator" roles can view the "Incidents" section in the Microsoft 365 admin center. From the provided roles A and C

Correct answers given.

I have tested to create a guest user from Azure AD portal with a user with "sec admin" role, I found create user is grayed out and only invite user is there. The provided answer is correct, only "user admin" can create guest users. Referecne: https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-quickstart-add-guest-users-portal#:~:text=A%20role%20that%20allows%20you%20to%20create%20users%20in%20your%20tenant%20directory%2C%20like%20the%20Global%20Administrator%20role%20or%20any%20of%20the%20limited%20administrator%20directory%20roles%20such%20as%20guest%20inviter%20or%20user%20administrator

Attribute Definition Administrator (It is not an option) Users with this role can define a valid set of custom security attributes that can be assigned to supported Azure AD objects. This role can also activate and deactivate custom security attributes https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#attribute-definition-administrator

By default, Global Administrator and other administrator roles do not have permissions to read, define, or assign custom security attributes.

In exam today

Reset the password of user 4 : User 1 and User 3. Link - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-reset-password-azure-portal

IN exam today

Password Administrator CAN'T modify user attribute fields

Security Administrator can not reset user passwords Users with this role have permissions to manage security-related features in the Microsoft 365 security center, Azure Active Directory Identity Protection, Azure Active Directory Authentication, Azure Information Protection, and Office 365 Security & Compliance Center. More information about Office 365 permissions is available at Permissions in the Security & Compliance Center. Password Administrator Can reset passwords for non-administrators and Password Administrators. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator