ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 2 question 82 discussion

Actual exam question from Microsoft's AZ-500
Question #: 82
Topic #: 2
[All AZ-500 Questions]

HOTSPOT
-

You have an Azure subscription that contains the resources shown in the following table.



You perform the following tasks:

• Create a managed identity named Managed1.
• Create a Microsoft 365 group named Group1.
• Register an enterprise application named App1.
• Enable a system-assigned managed identity for VM1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by Ajdlfasudfo0 at Jan. 16, 2023, 11:37 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
undecided
Highly Voted 2 years, 5 months ago
Tested in the Portal; second answer looks to be incorrect. Service Principals: Managed1, VM1, and App1 only Identities: Managed1, VM1, App1, and Group1
upvoted 31 times
AzureJobsTillRetire
2 years, 5 months ago
I agree that Group1 can. I tested in lab as well. I created a Microsoft 365 group and I found that it appears in the select member list. I'm not too sure about App1 service principle though. I registered an app and its service principle does not show up in the select member list. I might have done my lab wrong though. But I will choose undecided's answer when I go to exam.
upvoted 2 times
AzureJobsTillRetire
2 years, 5 months ago
anyway, there is not an option for Manager1, VM1 and Group1 only for box 2, hence the answer for the second box must be all
upvoted 1 times
...
...
...
zellck
Highly Voted 2 years, 2 months ago
1. Managed1, VM1 and App1 only 2. Managed1, VM1, App1 and Group1 https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object There are three types of service principal: - Application - The type of service principal is the local representation, or application instance, of a global application object in a single tenant or directory. - Managed identity - This type of service principal is used to represent a managed identity. Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure AD authentication. - Legacy - This type of service principal represents a legacy app, which is an app created before app registrations were introduced or an app created through legacy experiences.
upvoted 12 times
zellck
2 years, 2 months ago
https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept#how-role-assignments-to-groups-work To assign a role to a group, you must create a new security or Microsoft 365 group with the isAssignableToRole property set to true. In the Azure portal, you set the Azure AD roles can be assigned to the group option to Yes. Either way, you can then assign one or more Azure AD roles to the group in the same way as you assign roles to users.
upvoted 3 times
...
...
Nhadipour
Most Recent 5 months, 1 week ago
Service Principals: Managed1, VM1, and App1 only Identities: Managed1, VM1, and App1 only Azure RBAC roles (Reader) cannot be assigned to Microsoft 365 Groups directly. RBAC roles are assigned to Azure AD users, service principals, and managed identities.
upvoted 3 times
...
golitech
5 months, 2 weeks ago
Service Principals Created: Managed1 (The service principal representing the managed identity you created) App1 (The service principal for the registered enterprise application) VM1 (The service principal representing the system-assigned managed identity for VM1) --------- Identities That Can Be Assigned the Reader Role for RG1: Managed1 (The managed identity you created for a service can be assigned the Reader role for RG1). App1 (The service principal for the enterprise application can also be assigned the Reader role). VM1 (The system-assigned managed identity of the VM can be assigned the Reader role). However, Group1 cannot directly be assigned the Reader role unless it is configured with roles that map to a service principal (e.g., using Azure AD groups for access control). In this case, Group1 does not directly have a service principal for role assignment purposes in RG1.
upvoted 2 times
...
Jimmy500
1 year ago
Look guys, do not reply please here until you do not know question. In the first question it asks which service principial creating keep in mind this will happen when we will create app registration. So the first one will be App1 only. For the second one it asks which identity can be asked as a reader role Grouup1 can not as it is MS365 group, but we can asssign it for Managed identity, Service Principial and VM1 as it has system assigned managed idetity. Answer: App1 only Managed1,VM1, App1 only
upvoted 2 times
Jimmy500
1 year ago
I am so sorry guys, my first answer is wrong let me correct my mistake. When we create managed identity does not matter system or user assigned we can see the service principial for them in the Entra Id, if search with the id of managed identity we will see that also when we register application we also will see on service pricipial under enterprice applications in the first box besides Group creation we will see principial creation in other 3 cases which means given answer for the first box is correct. For the second box we should choose all of them as we can also assign role to Microsoft 365 groups as well, we can not assign role to the nested groups , please keep this in your mind as well for the other question.Once again sorry for my first answer.
upvoted 4 times
...
...
NICKTON81
1 year, 3 months ago
Service Principals: Managed1, VM1, and App1 only Identities: Managed1, VM1, and App1 only PS: You can't assign Reader role for RG1 using MS365 groups.
upvoted 2 times
...
wardy1983
1 year, 8 months ago
Explanation: Service Principals: Managed1, VM1, and App1 only Identities: Managed1, VM1, App1, and Group1
upvoted 2 times
...
flafernan
1 year, 8 months ago
SERVICE PRINCIPLES: Managed1, VM1 and App1 only IDENTITIES (Identities): Managed1 and VM1 only Explanation: Managed1 is a managed identity that you created. VM1, when having a managed identity enabled, also generates a Service Principal to represent a VM in Azure AD. App1, being a registered enterprise application, is associated with a Service Principal. Microsoft 365 Group1 does not generate Service Principal and is not directly related to this configuration. Only Managed1, VM1 and App1 have Service Principals associated with them. Although Managed1 and VM1 have managed identities, Group1 does not fall into the Service Principals or Identities categories in this context.
upvoted 1 times
...
TheProfessor
1 year, 8 months ago
When you go to assign role, you have to select either 1) user, group or service principle or 2) Managed Identity. So Identities: Managed1, VM1, App1, and Group1
upvoted 1 times
...
tweleve
1 year, 9 months ago
in exam 13 Oct
upvoted 3 times
...
nox2447
1 year, 9 months ago
Pretty sure it is: Service Principals: App1 only and Identities: Managed1, VM1 Identities and Service Principal are not the same. Imo this questions tests whether you know that SP is created during App creation and how the differ from managed identities.
upvoted 4 times
...
[Removed]
2 years, 4 months ago
currently, when you select members for an RG, there is a radio button for either "User, group, or service principal" or "Managed identity" that determines how the view is filtered. You are allowed to add a mix of both
upvoted 2 times
...
majstor86
2 years, 4 months ago
Service Principals: Managed1, VM1, and App1 only Identities: Managed1, VM1, App1, and Group1 Service principals: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-obje Identity: https://devblogs.microsoft.com/devops/demystifying-service-principals-managed-identities/
upvoted 7 times
...
sofieejo
2 years, 5 months ago
In exam 29/01/2023 + many questions about Microsoft Sentinel
upvoted 3 times
...
mskott
2 years, 5 months ago
Managed identity and service principal are two different types of 'identities' It should be: Service Principal: App1 only Identities: Managed1 (user assigned identity), VM1 (which has system assigned identity), App1 (service principal)only
upvoted 4 times
AzureJobsTillRetire
2 years, 5 months ago
There are three types of service principal: Application Managed identity Legacy https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object
upvoted 4 times
...
...
Ajdlfasudfo0
2 years, 6 months ago
answer seems to be correct; https://stackoverflow.com/questions/47762262/add-aad-application-as-a-member-of-a-security-group
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel