Exam AZ-500 topic 2 question 59 discussion

Given answers are correct. For Group5, You can add enterprise applications to security groups. (Tested & Verified)

Answer is Group5: User1, Group1, Managed1 Group6: User1 Here is why: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-learn-about-groups#group-types Members of a security group can include users, devices, other groups, and service principals, which define access policy and permissions. Owners of a security group can include users and service principals. Members of a Microsoft 365 group can only include users.

Answer is correct You can manage two types of groups in the Microsoft Entra admin center: https://learn.microsoft.com/en-us/entra/fundamentals/concept-learn-about-groups Security groups: Used to manage access to shared resources. Members of a security group can include users, devices, service principals. Groups can be members of other groups, sometimes known as nested groups. See note. Users and service principals can be the owner of a security group. Microsoft 365 groups: Provide collaboration opportunities. Members of a Microsoft 365 group can only include users. Users and service principals can be the owner of a Microsoft 365 group. People outside of your organization can be members of a group. For more information, see Learn about Microsoft 365 Groups.

When we create managed identity does not matter user assigned and system assigned it registered as an enterprise application in our tenant and we can add the to them to the security groups. All in all, we can add user assigned, system assigned managed identities, service principals to the security groups as well as users and other security groups, we cannot add Microsoft 365 group to the security groups. From here we can say that for the Box-1 we can choose , User1,Group1,Manged1,App1(this is service principial as question says this has been registered in entra that is why we can add it as well). For the box 2 we can only add User1, we cannot add Service principal, devices, security groups, managed identity to the Microsoft 365 group. Answer will be like this: Box-1 All Box-2 only User1. Regards! Quick not also given answer is corret!

In Azure, you cannot have a device and a user in the same security group. Dynamic groups in Azure Active Directory (Azure AD) can be created for devices or for users, but you can’t create a rule that contains both users and devices. Device membership rules can reference only device attributes1. This means you would need to create separate groups for users and devices if you want to manage them dynamically based on their attributes. If you need to manage devices and users together in some way, you might consider creating separate groups and then using Azure policies or other management tools to apply the necessary controls across those groups. For the above reason, it can be concluded that the answer to Group5 is User1 Only.

I think the answer is wrong for Group 5 because you cannot have devices and users in the same group. Therefore Group 1 cannot be in Group 5 as the others.

in exam 08/12/23

You cannot add AppRegistraion to a security group just tested in the lab no option to add to enterprise application is coming up in the list of members

In Exam - 28/7/2023

1. User1, Group1, Managed1, and App1 2. User1 only https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-learn-about-groups#group-types - Security: Used to manage user and computer access to shared resources. For example, you can create a security group so that all group members have the same set of security permissions. Members of a security group can include users, devices, other groups, and service principals, which define access policy and permissions. Owners of a security group can include users and service principals. - Microsoft 365: Provides collaboration opportunities by giving group members access to a shared mailbox, calendar, files, SharePoint sites, and more. This option also lets you give people outside of your organization access to the group. Members of a Microsoft 365 group can only include users. Owners of a Microsoft 365 group can include users and service principals.

Correction for Group 5: User1, Group1, Managed1, App1

Group5: User1, Group1, Managed1 Group6: User1

# In EXAM - 01-Oct-2022

Security groups can be used for either devices or users, but Microsoft 365 Groups can be only user groups. Given answer is correct

# In exam today 03/12/2022

Some extra info with an added link. After identifying the resource types of your resources, you must investigate if they can be moved, and the restrictions that are in place. Check your resource types against the move list below. The list shows whether each resource type can be moved between resource groups or between subscriptions: https://docs.microsoft.com/en-us/learn/modules/move-azure-resources-another-resource-group/4-assess-resources For example, these resources can be moved: Azure Storage accounts Azure virtual machines Azure virtual networks These resources can't be moved: Azure Active Directory domain services Azure Backup vaults Azure App Service gateways

Unfortunately, you cannot add an application as a member of Azure AD group. https://stackoverflow.com/questions/47762262/add-aad-application-as-a-member-of-a-security-group so the answer is user 1 ,managed1 and group 1 only for the first one