Exam SC-300 topic 1 question 14 discussion

Probably in the exam the cmdlet New-AzureADMSInvitation is proposed and correct

Looks good given external collaboration is allowed/ default settings

Invite user as guest, so a guest user :D

D is Correct. To provide the contractor with access to App1 using their credentials ([email protected]), you should use Azure AD B2B (Business-to-Business) collaboration. This allows external users to access your Azure AD resources using their own credentials. Steps to Provide Access Invite the Contractor as a Guest User: Go to the Azure AD admin center: https://aad.portal.azure.com. Navigate to Azure Active Directory > Users > New guest user. Enter the contractor’s email address ([email protected]) and send the invitation. Assign the Guest User to App1: After the contractor accepts the invitation, go to Azure Active Directory > Enterprise applications. Select App1 from the list of applications. Go to Users and groups and click on Add user/group. Search for the guest user ([email protected]) and assign them to App1. Configure Permissions: Ensure that the guest user has the necessary permissions to access App1. This might involve assigning specific roles or permissions within the application.

https://learn.microsoft.com/pl-pl/training/modules/implement-manage-external-identities/13-configure-identity-providers

C) https://learn.microsoft.com/pl-pl/training/modules/implement-manage-external-identities/13-configure-identity-providers Here you have why C is the proper answer: End-user experience With SAML/WS-Fed IdP federation, guest users sign in to their Microsoft Entra tenant with their own organizational account. When they access shared resources and are prompted to sign in, users are redirected to their identity provider. Upon successful sign-in, users are returned to their Microsoft Entra ID to access resources. If a Microsoft Entra session expires or becomes invalid, and the federated identity provider has SSO enabled, the user uses SSO. If the federated user's session is valid, the user is not prompted to sign in again. Otherwise, the user will be redirected to their identity provider for sign-in. labedzkis

smtp suffix is outlook.com so its a MSFT account this is configured as one of the default identity providers and cannot delete it... so there is nothing you can configure in external collab, guess you have to invite user

Microsoft Entra application access to external user: 1. Setup the External Collaboration setting. 2. Invite the user, once the user accept the invitation they will become a guest user of your tenant. 3. assign the user the app1.

shouldnt D say invite the user not create it?

Answer is correct.

Hi Admin, why is the email not visible. The email is protected. how do are we able to answer questions when/ if the email in the question is protected

B for me. D has to be incorrect as you can't create a Guest User with external Identity via AAD or PowerShell. You can invite one but not create one unless they have a tenancy (contoso.com etc) address. That rules out A and D. C is not correct as Outlook is a configured Identity provider by default so no action is required. With A you can use the external collaboration settings to enable Guest self-sign up via user flows and add the application to the self service flow. It's exactly what they need.

Correct answer is D. New-AzADUser is used to create a new active directory user as work/school account

Hi guys, so correct answer is D, not A? (This cmdlet is used to invite a new external user to your directory.)

Correct, given external collaboration is set to defaults

correct option D

Correct. B2B is the only option in this scenario.