Exam AZ-800
Question 65

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. The domain contains two servers named Server1 and Server2.

A user named Admin1 is a member of the local Administrators group on Server1 and Server2.

You plan to manage Server1 and Server2 by using Azure Arc. Azure Arc objects will be added to a resource group named RG1.

You need to ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc.

What should you do first?

Correct Answer: B

To ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc, the first step is to assign Admin1 the Azure Connected Machine Onboarding role for the resource group RG1. This role grants the necessary permissions to onboard the machines to Azure Arc. Admin1 needs to have these permissions within the Azure environment before they can generate and execute any onboarding scripts required to configure the servers for Azure Arc management.
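
The role assignment described in the answer above, as an added Az PowerShell example that is not part of the original page: it grants the onboarding role at RG1 scope only if it is missing, then lists Admin1's effective roles and flags broader ones. The UPN `admin1@contoso.com` is a placeholder, and the set of roles treated as broader than needed is an assumption.

```powershell
# Added example, not from the original page. Needs the Az.Accounts and
# Az.Resources modules and a Connect-AzAccount session held by someone
# who is allowed to create role assignments on RG1.
$Upn  = 'admin1@contoso.com'   # placeholder UPN assumed for Admin1
$Rg   = 'RG1'
$Role = 'Azure Connected Machine Onboarding'

# Assumption: roles treated here as broader than onboarding requires.
$Broad = @('Owner', 'Contributor')

# Direct assignments to Admin1 that are effective at RG1 (made on RG1 or
# on a scope above it). Group-derived assignments are not listed.
$current = @(Get-AzRoleAssignment -SignInName $Upn -ResourceGroupName $Rg)

# Idempotent: create the assignment only when it is not already in effect.
if ($current.RoleDefinitionName -notcontains $Role) {
    New-AzRoleAssignment -SignInName $Upn -RoleDefinitionName $Role `
        -ResourceGroupName $Rg | Out-Null
    $current = @(Get-AzRoleAssignment -SignInName $Upn -ResourceGroupName $Rg)
}

# Report each effective role, the scope it was granted on, and whether it
# exceeds what onboarding needs.
$current |
    Select-Object RoleDefinitionName, Scope,
        @{ Name = 'BroaderThanNeeded'
           Expression = { $Broad -contains $_.RoleDefinitionName } } |
    Sort-Object Scope |
    Format-Table -AutoSize
```

A row with `BroaderThanNeeded` set to `True` means the account used for onboarding already holds more than the onboarding role at or above RG1.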

Discussion
MiMojo (Option: A)

The Answer is "A". Hear me out. The question asks that "Admin1", a user account, has the appropriate permissions. The role of Azure Connected Machine Onboarding can only be assigned to a service principal, as confirmed by the link given to justify the wrong answer. Admin1 cannot be assigned this role, it's impossible, check it for yourself. Admin1, as a local server admin, has all the rights he/she needs. The correct answer is "A", generate a new onboarding script. One can onboard more than one server with the same script. Onboarding two certainly doesn't impose an administrative burden to use this method.

phi3nix

This is the correct answer.
1. I tested this in LAB.
2. Documentation: https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-portal

---snap---
You can enable Azure Arc-enabled servers for one or a small number of Windows or Linux machines in your environment by performing a set of steps manually. Or you can use an automated method by running a template script that we provide. This script automates the download and installation of both agents. This method requires that you have administrator permissions on the machine to install and configure the agent. On Linux, by using the root account, and on Windows, you are member of the Local Administrators group.
--snap--

phi3nix

A is the answer!

SantaClaws

It's not exclusive to service principals. But more importantly, Option A simply doesn't satisfy the requirement of the question. The question is not how to add resources to RG1. The question is explicitly about ensuring that Admin1 has the correct permissions. So option A can be completely disregarded as a possibility, because it's answering a completely different question.

Bojana (Option: B)

correct

RickySmith (Option: B)

B Assign Admin1 the Azure Connected Machine Onboarding role for RG1. https://learn.microsoft.com/en-us/azure/azure-arc/servers/prerequisites#required-permissions https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-service-principal refer point 2

NazerRazer (Option: B)

So the correct answer is: B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1. Having a local admin account on the server is helpful for running scripts and performing server-level tasks, but it's the Azure role and the onboarding process that grant the necessary permissions to configure the server for Azure Arc management. So, a local admin account is a component of the process but not sufficient on its own to perform the Azure Arc onboarding action. You need the proper Azure role assigned to enable the integration between the local server and Azure Arc. Here's why the option is not the first step. A. From the Azure portal, generate a new onboarding script: This is typically done after you've assigned the necessary role permissions to the user. You generate the script to onboard the machines once the user has the required permissions.

tomasek88 (Option: A)

A is correct --> because Admin1 is local account

Shnash (Option: B)

1st point: On-Prem AD is synced with Azure AD. 2nd point: Admin1 looks like an AD User Account which is already available in Azure AD, and which is also a member of the Local Admin group on both servers. 4th point: we need to onboard multiple servers, and in order to avoid interaction with the script we need to have a service principal, which is Admin1, and it should have the Onboarding Role before we create, download and run the script. So Option "B" makes sense.

Krayzr (Option: B)

B. Reason: Azure Arc allows you to manage your servers as if they are running in Azure. To onboard a machine to Azure Arc, the user needs the Azure Connected Machine Onboarding role. This role gives the user the necessary permissions to register the machine with Azure Arc. In this case, Admin1 needs to be assigned this role for the resource group RG1, so they can configure Server1 and Server2 to be managed by Azure Arc. The other options do not directly address the requirement of enabling Admin1 to configure the servers with Azure Arc. Therefore, option B is the most appropriate first step.

RemmyT (Option: B)

Tested in lab: Admin1 without the Azure Connected Machine onboarding role assigned on RG1 is unable to onboard any server to Azure. It is also unable to see any machine in Azure Arc | Machines and as a result it cannot manage any server. After assigning it the Azure Connected Machine onboarding role on RG1, Admin1 can see all the machines in Azure Arc, can manage the servers and can onboard the servers with the generated script. Note: Follow best security practices and avoid using an Azure account with Owner access to onboard servers. Instead, use an account that only has the Azure Connected Machine onboarding or Azure Connected Machine resource administrator role assignment. See Azure Identity Management and access control security best practices for more information. https://learn.microsoft.com/en-us/azure/azure-arc/servers/onboard-portal

RemmyT

You have an on-premises Active Directory Domain Services (AD DS) domain that syncs with an Azure Active Directory (Azure AD) tenant. That means Admin1 is synced in Azure Entra ID and we can assign him the role Azure Connected Machine Onboarding on RG1 (where all Azure ARC servers will reside).

nawtitoo (Option: B)

With the appropriate role assigned to Admin1 in the RG1 resource group, Admin1 will have the necessary permissions to configure Server1 and Server2 to be managed by Azure Arc.

SIAMIANJI (Option: B)

To ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc, the first step should be to assign Admin1 the appropriate role that grants the necessary permissions to onboard machines to Azure Arc. Specifically, Admin1 needs the Azure Connected Machine Onboarding role for the resource group RG1. Here’s the correct step to take: B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1. This role grants the necessary permissions to onboard servers to Azure Arc, allowing Admin1 to generate the required onboarding script and complete the onboarding process.

SIAMIANJI (Option: B)

To ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc, you should first assign Admin1 the necessary permissions in Azure, specifically the Azure Connected Machine Onboarding role for the resource group RG1. Therefore, the correct answer is: B. Assign Admin1 the Azure Connected Machine Onboarding role for RG1.

boapaulo (Option: B)

Selected Answer: B

Generating a new integration script in the Azure portal is an important step in adding servers to Azure Arc, but it's not the first step when it comes to ensuring that a specific user, such as Admin1, has permission to configure the servers to be managed by Azure Arc. The first step is to ensure that Admin1 has the necessary permissions within the Azure environment. This is done by assigning the correct role to the user. In the case of Admin1, assigning the Azure Connected Machine Integration role to resource group RG1 is essential for them to be able to perform the required actions in Azure Arc. Once Admin1 has the proper permissions, they can then proceed with generating and running the integration script to add Server1 and Server2 to Azure Arc.

Payday123

Is Admin1 a local user or domain user added to local admins?

fabilo (Option: A)

A is the right one

MR_Eliot (Option: B)

B is the answer.

MR_Eliot (Option: B)

Answer is B. "UserA" is a domain user, who is added to the local administrator group.

Prerequisites: Consider the following basic requirements when planning your deployment:
- Your machines must run a supported operating system for the Connected Machine agent.
- Your machines must have connectivity from your on-premises network or other cloud environment to resources in Azure, either directly or through a proxy server.
- To install and configure the Azure Connected Machine agent, you must have an account with elevated privileges (that is, an administrator or as root) on the machines.
- To onboard machines, you must have the >>Azure Connected Machine Onboarding Azure built-in role<<.
- To read, modify, and delete a machine, you must have the Azure Connected Machine Resource Administrator Azure built-in role.

Link: https://learn.microsoft.com/en-us/azure/azure-arc/servers/plan-at-scale-deployment#prerequisites

afridi43 (Option: C)

To ensure that Admin1 can configure Server1 and Server2 to be managed by using Azure Arc, you should perform the following steps: C. Hybrid Azure AD join Server1 and Server2.

afridi43

1. Hybrid Azure AD Join: When you hybrid Azure AD join Server1 and Server2, it means that these on-premises servers become part of both your on-premises Active Directory Domain Services (AD DS) domain and your Azure Active Directory (Azure AD) tenant. This is a fundamental requirement for Azure Arc because it establishes the necessary identity integration between your on-premises environment and Azure. 2. Azure Arc Connectivity: Once the servers are hybrid Azure AD joined, you can then proceed to configure Azure Arc for these servers. Azure Arc allows you to manage on-premises servers as if they were Azure resources. Azure Arc-enabled servers can be managed, configured, and monitored from the Azure portal. The other options mentioned (A, B, and D) are not the first steps you should take in this scenario: