You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains an Azure AD enterprise application named App1.
A contractor uses the credentials of [email protected].
You need to ensure that you can provide the contractor with access to App1. The contractor must be able to authenticate as [email protected].
What should you do?
To provide the contractor with access to the enterprise application in Azure AD, you need to invite the contractor to your Azure AD tenant. The New-AzureADMSInvitation cmdlet is used to invite a guest user to your Azure AD tenant. This cmdlet sends an invitation email to the guest user, who can then use their credentials to authenticate and gain access to the application. By performing this action, the contractor can be authenticated as the specified email address.
A is the answers, they are looking for you to invite the user to azure ad. Assume that unless stated otherwise, default config in Azure AD is set, so collaboration settings are already on. "By default, all users in your organization, including B2B collaboration guest users, can invite external users to B2B collaboration. If you want to limit the ability to send invitations, you can turn invitations on or off for everyone, or limit invitations to certain roles." https://docs.microsoft.com/en-us/azure/active-directory/external-identities/external-collaboration-settings-configure
This is the same question as 14. There you answer that "create a guest account" but here you all are saying "you need to configure collaboration settings". Think about it, if that would be the correct answer you shouldn't have it as an option on question number 14 but you have it there... It is A
You are right in Question the cmd-let creates a new AZ Ad user account... the difference is that between the cmd-lets. current question's answer is: A
A looks correct. By default all users can invite guest users, since the question doesn't state otherwise. A: is correct, since you just need to invite the user.
A is correct
Question is asking the prerequisition of A, so I'll go for B.
https://learn.microsoft.com/pl-pl/training/modules/implement-manage-external-identities/13-configure-identity-providers Here you have why C is the proper answer: End-user experience With SAML/WS-Fed IdP federation, guest users sign in to their Microsoft Entra tenant with their own organizational account. When they access shared resources and are prompted to sign in, users are redirected to their identity provider. Upon successful sign-in, users are returned to their Microsoft Entra ID to access resources. If a Microsoft Entra session expires or becomes invalid, and the federated identity provider has SSO enabled, the user uses SSO. If the federated user's session is valid, the user is not prompted to sign in again. Otherwise, the user will be redirected to their identity provider for sign-in.
The best answer is A. Run the New-AzureADMSInvitation cmdlet. The New-AzureADMSInvitation cmdlet is used to invite a guest user to your Azure AD tenant. To use the New-AzureADMSInvitation cmdlet, you will need the contractor's email address and the name of the Azure AD application that you want to give them access to.
B: By default all users can invite guest users. Too access to App1. Add applications to the self-service sign-up user flow under configure external collaboration settings.
A) because guest self-sign up via user flow (i.e. for apps ) is disabled by default but it states if it is then the guest must be invited. A) will therefore work no matter this setting
https://learn.microsoft.com/en-us/powershell/module/azuread/new-azureadmsinvitation?view=azureadps-2.0 only invites the user but won't provide access to any resources. External collaboration settings have to be configured first.
The context of this question is terrible. Does the org already have B2B collaboration setup? If so, then A. But if no collaboration exists as yet, then B is required to setup before sending out invites (A). grrr.
A. Run the New-AzureADMSInvitation cmdlet.
The wording say not "invite user" but "make sure you can invite user" therefore B
A. Run the New-AzureADMSInvitation cmdlet.
In exam 29/Sep
Key words are: "You need to ensure that you can provide the contractor with access to App1." Which means you need to setup the following screen for @outlook account to work. Under collaboration settings. https://learn.microsoft.com/en-us/azure/active-directory/external-identities/self-service- sign-up-user-flow#create-the-user-flow-for-self-service-sign-up
1.) Configure External Collaboration Settings 2.) Create a User Flow 3.) Link user flow to the application While this would achieve the long-term best practice of the solution, it is too many steps and doesn't achieve the "What should you do" Running New-AzureADMSInvitation will provide an external user account that they can use to start authenticating immediately. The other solution, although 'correct', has too many steps not included by just saying "Configure the settings"
I would go with A.
A is answer