The question asks to resolve the "issue". This focuses on the issues defined in the Case Study.
The only issue mentioning the guest users is:
"The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps."
So, I believe the question refers to the invitation / registration part of the Guest users, not reviewing their access...
The purpose is to offload the Helpdesk Admins from managing all guest access registrations, not reviewing stale accounts.
So the answer "D. Modify the External collaboration settings." fits better to the purpose.
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure#configure-settings-in-the-portal
(See Enable guest self-service sign up via user flows & Member users and users assigned to specific admin roles can invite guest users including guests with member permissions)
D.
"You need to resolve the issue of the guest user invitations." Guest user invitations is the key.
Invitation settings are in "External collaboration settings" blade.
You can allow anyone in the organization to invite guest users, or restrict it to the specific admin role and grant users permission to the Guest Inviter role.
Access reviews have nothing in common with user invitations.
This question is in the Wrong case study. Belong to ADatum !!
You need to resolve the issue of the guest user invitations.
What should you do for the Azure AD tenant?
(• Anyone in the organization can invite guest users, including other guests and non-administrators.)
(• Ensure that only users that are assigned specific admin roles can invite guest users.)
A. Configure the Continuous access evaluation settings.
B. Configure a Conditional Access policy.
C. Configure the Access reviews settings.
D. Modify the External collaboration settings. Most Voted
**************
Could be interpreted as either C or D. "The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps."
C - "Configure the Access reviews settings" will enable existing Guest users to determine if they still need access, but this will not invite new users.
D - "Modify the External collaboration settings" will allow Guest invite options, but does not help manage the existing users access.
The key part of this question seems to be "too much time provisioning internal and guest access". External Collaboration settings does not help with managing Internal users, so I vote for C
I believe the given answer is correct:
https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/clean-up-stale-guest-accounts
As users collaborate with external partners, it’s possible that many guest accounts get created in Azure Active Directory (Azure AD) tenants over time. When collaboration ends and the users no longer access your tenant, the guest accounts may become stale. Admins can use Access Reviews to automatically review inactive guest users and block them from signing in, and later, delete them from the directory.
After more consideration I still think it is D.
Here is the link that gets to the point:
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure#configure-settings-in-the-portal
You can add enable 'Guest Inviter' role. But you cannot enable self-service role for 'Office 365' apps. So far, that is only available for apps you build. See here
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow#enable-self-service-sign-up-for-your-tenant
The issue here is "The helpdesk administrators spend too much time provisioning internal and guest access to the required Microsoft 365 services and apps"
Looks like D : 'Modify the External Collaboration Settings' to me where you can enable guest users self service flow
...but "You can associate user flows with apps built by your organization. User flows can't be used for Microsoft apps, like SharePoint or Teams."
(https://learn.microsoft.com/en-us/azure/active-directory/external-identities/self-service-sign-up-user-flow#enable-self-service-sign-up-for-your-tenant)
So I don't see a correct answer here :D
I would think the guest user issue that needs resolving would be: "Fabrikam users must have access to the marketing department's SharePoint site for a maximum of 90 days". If that is the case answer should be D.
You identify the issue, so how do you remove the access automatically by changing External Collaboration settings? The answer is C "Access review"
upvoted 6 times
...
...
This section is not available anymore. Please use the main Exam Page.SC-300 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
f2bf85a
Highly Voted 1 year, 6 months agocgonIT
1 year agozygmant
Highly Voted 2 years agoSunth65
Most Recent 2 months, 3 weeks agoSunth65
2 months, 3 weeks agocgonIT
1 year agob233f0a
1 year, 4 months agocurtmcgirt
10 months, 4 weeks agowooyourdaddy
1 year, 9 months agoAMDf
1 year, 10 months agoACSC
1 year, 11 months agoJawad1462
2 years agoDeepMoon
2 years, 1 month agoFaheem2020
2 years, 1 month agodejo
2 years, 1 month agoDeepMoon
2 years, 1 month agoHot_156
2 years, 1 month ago