Examice

Exam MS-102 All QuestionsBrowse all questions from this exam

Go to Exam

Question 10

HOTSPOT -

You have a Microsoft 365 E5 subscription that contains the users shown in the following table.

You add the following assignment for the User Administrator role:

Scope type: Directory -

Selected members: Group1 -

Assignment type: Active -

Assignment starts: Mar 15, 2023 -

Assignment ends: Aug 15, 2023 -

You add the following assignment for the Exchange Administrator role:

Scope type: Directory -

Selected members: Group2 -

Assignment type: Eligible -

Assignment starts: Jun 15, 2023 -

Assignment ends: Oct 15, 2023 -

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion

Casticod

Yes, Yes, Yes ??

Bobalo

YNY, Exchange Admin status is elligable, an admin still needs to request it first. the user admin assignment status is active.

MondherBB

Yes No Yes Eligible assignments require the member of the role to perform an action to use the role. Actions might include performing a multi-factor authentication (MFA) check, providing a business justification, or requesting approval from designated approvers.

TP447

YNY for me - N only because User 2 would need to activate the role they are eligible for first (that is an important detail). It is an ambiguous question though..

GLLimaBR

I agree. There is ambiguity and it left me in doubt, as there is nothing to suggest that eligibility is relevant to the issue. Being eligible or active, within the proposed time window and scope of functions, all answers are "Yes", from my point of view.

mikl

I could not agree more - this is a totally stupid question. Yes he can - but he needs to activate, now a days most administrative roles should also be PIM enabled, that does not mean I can't do a certain task.

Nilz76

Here are my thoughts and explainations: Q: On July 15, 2023, admin 1 can reset the password of a user. A: Yes. Admin 1 is a member of Group 1, which has been assigned the User Administrator role actively from March 15, 2023, to August 15, 2023. This role permits password reset actions among others. Q: On June 20, 2023, admin 2 can manage Microsoft Exchange Online. A: Yes, but with a condition. Admin 2 is a member of Group 2, which has been assigned the Exchange Administrator role as eligible from June 15, 2023, to October 15, 2023. However, since the assignment type is "Eligible," admin 2 needs to activate the role to perform the Exchange Administrator tasks. Once activated, admin 2 can manage Microsoft Exchange Online. Q: On May 1, 2023, admin 3 can reset the password of a user. A: Yes. Admin 3 is a member of both Group 1 and Group 2. Since Group 1 has the User Administrator role assigned actively from March 15, 2023, to August 15, 2023, admin 3 can reset the password of a user during this period. Yes,Yes,Yes

solderboy

Answer: YNY The type of the assignment - Eligible assignments require the member of the role to perform an action to use the role. Actions might include activation, or requesting approval from designated approvers. - Active assignments don't require the member to perform any action to use the role. Members assigned as active have the privileges assigned to the role. The duration of the assignment, using start and end dates or permanent. For eligible assignments, the members can activate or requesting approval during the start and end dates. For active assignments, the members can use the assign role during this period of time. https://learn.microsoft.com/en-us/entra/id-governance/privileged-identity-management/pim-configure

4f2e7e3

Was in Exam 27-6-24

Davito

Question 2 is no because of Known Issues with role-assignable groups: "If an administrator role is assigned to a role-assignable group instead of individual users, members of the group will not be able to access Rules, Organization, or Public Folders in the new Exchange admin center. The workaround is to assign the role directly to users instead of the group." Thus Admin2 will not be able to fully manage Exchange Online. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-concept#known-issues

Razuli

Microsoft get me so mad. Why include these buggy related questions but thanks for the explanation

mpetlk

I guess it should be Yes, No, Yes as it says in MS https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/groups-assign-member-owner Eligible assignment requires member or owner to perform an activation to use the role. Activations may also require providing a multi-factor authentication (MFA), providing a business justification, or requesting approval from designated approvers. Important For groups used for elevating into Azure AD roles, Microsoft recommends that you require an approval process for eligible member assignments. Assignments that can be activated without approval can leave you vulnerable to a security risk from another administrator with permission to reset an eligible user's passwords. Active assignments don't require the member to perform any activations to use the role. Members or owners assigned as active have the privileges assigned to the role at all times.

osxzvkwpfcfxobqjby

- Y Admin1 in Group1 has an active assignment for the User Administrator Role between mar 15 and aug 15. - Y This one is questionable. Admin2 in Group2 has an eligible assignment for the Exchange Administrator role from jun 15 til oct 15. It depends on the eligible assignment type. When MFA or justification is selected, the answer would be Y. But if approved is selected, it depends on approval of the request if admin2 can manage Exchange. - N Not in the right date range https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-add-role-to-user#assign-a-role

gbartumeu

Admin3 is member of Group 1, and May 01, 2023 is in the date range (Mar 15, 2023 to Aug 15, 2023)

cb0900

Agree Admin2 is questionable. Does MS mark the answer where Admin2 manages to activate the Exchange Admin role (although this isn't mentioned in the question) then Y, or Admin2 doesn't take any action and as it's Eligible then answer is N.

CheMetto

Yes no Yes. The second is no. It's elegible, Admin 2 has to activate the role then he can manage Exchange Online. for put a yes, the answer should be "Admin 2, after activate his role, can manage exchange online?" -> yes.

amurp35

I want to say YYY is likely correct, considering that Admin 2 has eligible assignment and the whole reason to assign someone as eligible to a role is to be able to grant that permission in the first place. So there is nothing in the shown settings that prevents Admin 2 from doing so, though we don't know if they will need to be approved for it or not.

Tedd_TS

Yes, Yes, Yes i think too

Venusaur

[ ] On May 1, 2023, Admin3 can reset the password of a user. This should be YES right? Admin3 is member of Group1 + Group2 Group1 assignment start from Mar 15 2023 to Aug 15 2023. May 1 2023 should be within the range.

FireBeast

Y,Y,Y, because if activate it, he is be able to Manage Exchange online

vercracked_007

YNY Statement 2 doesn't say that admin to activates his role

AMDf

Yes ?? - It depends Yes

mikl

Just need to activate the role - then it can be done. Surely its a Y Y Y here.

Darekmso

You need "organization management" role in other manage Exchange . YNY

imlearningstuffagain

You cannot be more spot on, if the line would read "on june 20 Admin2 cn PARTIALLY manage exchange" it would be a Yes. https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-exchange-online-admin-role?view=o365-worldwide