ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-100 All Questions

View all questions & answers for the MS-100 exam
Go to Exam

Exam MS-100 topic 3 question 99 discussion

Actual exam question from Microsoft's MS-100
Question #: 99
Topic #: 3
[All MS-100 Questions]

HOTSPOT
-

You have an Azure AD tenant named contoso.com that contains an enterprise app named App1 and two users named User1 and User2.

You need to ensure that each user can perform the following action:

• User1: Create entitlement management access packages to provide external users with access to App1.
• User2: Create an access review for Appl.

The solution must use the principle of least privilege.

Which role should you assign to each user? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by yawb at Jan. 8, 2023, 7:05 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Petrucci914
Highly Voted 2 years, 5 months ago
Identity Governance Administrator User Administrator Add resources to a catalog Identity Governance Administrator With entitlement management, you can delegate this task to the catalog owner Create, update, or delete access review of a group or of an app User Administrator https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#groups
upvoted 9 times
Meebler
2 years, 3 months ago
Double checked myself. Both correct: Source: https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-first
upvoted 3 times
DaDaDave
1 year, 11 months ago
I see that the link seems to confirm answer 1 as correct, it is just confusing that another Microsoft document seems to indicate that the least amount of permission needed for that action is User administrator https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#groups:~:text=Create%2C%20update%2C%20or%20delete%20access%20review%20of%20a%20group%20or%20of%20an%20app
upvoted 1 times
...
...
...
josepedroche
Highly Voted 2 years, 4 months ago
BOX1: User Administrator (to create a new access packages: Prerequisite role: Global administrator, Identity Governance administrator, User administrator, Catalog owner, or Access package manager Box2: User administrator (https://learn.microsoft.com/en-us/azure/active-directory/governance/create-access-review)
upvoted 6 times
...
devilcried
Most Recent 2 years, 3 months ago
I will go for Identity Governance Administrator User Administrator
upvoted 3 times
...
bsaksham
2 years, 4 months ago
Box 1 - Correct Box 2 - Global administrator, User administrator, or Identity Governance administrator to create reviews on groups or applications. https://learn.microsoft.com/en-us/azure/active-directory/governance/create-access-review
upvoted 1 times
...
yukiiw
2 years, 5 months ago
External Identity Provider Administrator Create, read, update, and delete identity providers; User Administrator Create, update, or delete access review of a group or of an app
upvoted 2 times
...
mllerena
2 years, 5 months ago
Usuario1:User Administrator https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#user-administrator User2: User Administrator https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#groups
upvoted 1 times
DaDaDave
1 year, 11 months ago
This link confirms answer 1, User administrator is the least privileged role that can create access reviews https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#groups:~:text=Create%2C%20update%2C%20or%20delete%20access%20review%20of%20a%20group%20or%20of%20an%20app
upvoted 1 times
...
...
yawb
2 years, 5 months ago
Identity Governance Admin for both? External ID Provider admin role is mainly used for external federation, not for creating and/or managing access packages. https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#identity-governance-administrator
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel