ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 31 discussion

Actual exam question from Microsoft's SC-300
Question #: 31
Topic #: 4
[All SC-300 Questions]

HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains a group named All Company and has the following Identity Governance settings:
✑ Block external users from signing in to this directory: Yes
✑ Remove external user. Yes
✑ Number of days before removing external user from this directory: 30
On March 11, 2.022, you create an access package named Package1 that has the following settings:
✑ Resource rales
1. Name: All Company
2. Type: Group and Team
3. Role: Member
✑ Lifecycle
1. Access package assignment expire: On date
2. Assignment expiration date: April 1, 2022
On March 1, 2022, you assign Package1 to the guest users shown in the following table.

On March 2, 2022, you assign the Reports reader role to Guest1.
On April 1, 2022, you invite a guest user named Guest3 to contoso.com.
On April 4, 2022, you add Guest3 to the All Company group.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Box 1: No -
On March 2, 2022, you assign the Reports reader role to Guest1.
On April 1 the access package assignment expires. After another 30 days, well before May 5, the guest user account is removed.

Box 2: No -
On April 1 the access package assignment expires. After another 30 days, well before May 5, the guest user account is removed.

Box 3: Yes -

Note: Lifecycle -
On the Lifecycle tab, you specify when a user's assignment to the access package expires. You can also specify whether users can extend their assignments.
In the Expiration section, set Access package assignments expires to On date, Number of days, Number of hours, or Never.
For On date, select an expiration date in the future.
For Number of days, specify a number between 0 and 3660 days.
For Number of hours, specify a number of hours.
Based on your selection, a user's assignment to the access package expires on a certain date, a certain number of days after they are approved, or never.
Note 2: By default, when an external user no longer has any access package assignments, they are blocked from signing in to your directory. After 30 days, their guest user account is removed from your directory.
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-lifecycle-policy https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
by apokavk at Sept. 7, 2022, 3:37 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Learner2022
Highly Voted 2 years, 6 months ago
How can you assign package 1 on 1st March 2022 before package 1 was created (on 11th March 2022)?
upvoted 29 times
...
mcas
Highly Voted 2 years, 6 months ago
The Identity Governance settings state: Select what happens when an external user, who was added to your directory through an access package request, loses their last assignment to any access package. Number of days before removing external user from this directory: 30 the Assignment (assigned to Guest1 and Gues2) expires on April 1, 2022 so by May 1 the 30 days have passed and therfore Guest 1 and Guest 2 are removed, so Q1 and Q2 should be NO Q3 is YES because Guest 3 is not affected by the access package
upvoted 7 times
VeiN
2 years, 5 months ago
There is lack of info in this question & date mix for me. From the description it looks like at least guest 1 & 2 already existed before package was assigned so they will be NOT removed. (box 1 & 2 : YES) "Entitlement management ONLY removes accounts that were invited through entitlement management. Also, note that a user will be blocked from signing in and removed from this directory even if that user was added to resources in this directory that were not access package assignments. If the guest WAS PRESENT in this directory prior to receiving access package assignments, they will remain. However, if the guest was invited through an access package assignment, and after being invited was also assigned to a OneDrive for Business or SharePoint Online site, they will still be removed."
upvoted 2 times
rajbne
2 years, 1 month ago
agreed , based on that it should YYY
upvoted 1 times
...
...
...
YesPlease
Most Recent 3 months ago
1) No, 30 days deleted 2) No, 30 days deleted 3) Yes, because they were added to "all company" group and are no longer an outsider.
upvoted 2 times
...
perkp
4 months, 3 weeks ago
Identity Governance Settings: These settings will apply to all external users, not just those added through access packages. This means any guest user added to your directory will be blocked from signing in and will be removed after 30 days, regardless of how they were added. So N,N,N
upvoted 2 times
...
RemmyT
1 year ago
NO NO NO Guest1 & Guest2 - assigned Package1 0n March 1. Have access till April 1. After April 1, Identity Governance settings appplies After 30 days both accounts are deleted (May 1). Guest3 on April 1 has no package assigned -> Identity Governance settings appplies - is not able to sign-in - is removed after 30 days (May 1)
upvoted 2 times
...
Sc300ExamDemo
1 year ago
this question is asking what happens when an external user, who was added to your directory through an access package request, loses their last assignment to any access package. Only GUEST 1 and 2 are added through access pkg and will be affected. GUEST 3 stays Therefore, N,N,Y.
upvoted 3 times
...
dule27
1 year, 11 months ago
NO NO YES
upvoted 2 times
...
dobriv
2 years, 1 month ago
It should be NO, NO, NO : "Entitlement management only removes accounts that were invited through entitlement management. Also, note that a user will be blocked from signing in and removed from this directory even if that user was added to resources in this directory that were not access package assignments. If the guest was present in this directory prior to receiving access package assignments, they will remain. However, if the guest was invited through an access package assignment, and after being invited was also assigned to a OneDrive for Business or SharePoint Online site, they will still be removed." you can find this at the end of the link : https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-external-users
upvoted 6 times
...
mayleni
2 years, 4 months ago
I will say NO, NO, NO. Guest 3 is affected by global guest user policy, no by package
upvoted 5 times
its_tima
2 years, 4 months ago
you're right, Guest3 has no link to the access package, therefore, no timed assignment policy will be applied. So they still exist
upvoted 1 times
Taigr
2 years, 3 months ago
Well, but Guest3 was added in group named All Company and has the following Identity Governance settings: ✑ Block external users from signing in to this directory: Yes ✑ Remove external user. Yes ✑ Number of days before removing external user from this directory: 30 So should not be based on this membership deleted as external user after 30 days? He was added 4.April, so 5th May can be deleted already.
upvoted 1 times
Ody
1 year, 3 months ago
If you look up above those settings it says, "Select what happens when an external user, who was added to your directory through an access package request, loses their assignment to any access package. It won't apply to Guest 3.
upvoted 1 times
...
...
...
...
hyc1983
2 years, 6 months ago
I think the answer is correct. For guest1 and guest2, they were added through an access package. Even though guest1 was assigned a role later, the settings for the lifecycle of external users will have impacts. For guest3, it's not added through access packages, so it's not affected.
upvoted 1 times
...
Hot_156
2 years, 8 months ago
User3 was invited to the tenant the day the access package expired, so if I am not wrong, it didn't affect User3. as the access package already expired, it won't remove the guests later on
upvoted 2 times
...
apokavk
2 years, 9 months ago
on second thought user 3 is not in the assignment of the package and is added manually, so it could be yes indeed
upvoted 1 times
apokavk
2 years, 9 months ago
this is wrong...got confused, identity governance will remove it...
upvoted 3 times
...
...
apokavk
2 years, 9 months ago
IMHO the third answer is no because on the 5th of May the access package has already expired and user 3 is not able to gain access
upvoted 2 times
Hot_156
2 years, 8 months ago
This makes me think the account is still in the company on May 5th because in April it was added to a role. The account won't be removed from the company if there is any access assigned to it. On April 4, 2022, you add Guest3 to the All Company group. Or am I wrong?
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel