Exam SC-300
Question 56

You have an Azure AD tenant that contains a user named Admin1.

You need to ensure that Admin1 can perform only the following tasks:

• From the Microsoft 365 admin center, create and manage service requests.

• From the Microsoft 365 admin center, read and configure service health.

• From the Azure portal, create and manage support tickets.

The solution must minimize administrative effort.

What should you do?

    Correct Answer: D

    To ensure that Admin1 can only create and manage service requests, read and configure service health, and create and manage support tickets, and nothing more, you need to assign the minimum necessary permissions. Creating a custom role allows you to define and restrict Admin1's permissions to only those specific tasks, ensuring they cannot perform any other privileged actions. This approach meets the requirement of minimizing administrative effort while providing the least privilege necessary for the specified tasks.

Discussion
hellawaits111 (Option: C)

Role explained here: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#helpdesk-administrator

Logitech

You need to ensure that Admin1 can perform only the following tasks... Sounds pretty clear that the user should not be able to do more than these 3 things. With Helpdesk Admin you can do more. Really stupid MS question again.... D should be the answer.

Alcpt

Nope. The answer is D. Users with Helpdesk Administrator role can: change passwords, invalidate refresh tokens, create and manage support requests with Microsoft for Azure and Microsoft 365 services, and MONITOR service health. To CREATE a support request: You must have the Owner, Contributor, or Support Request Contributor role, or a CUSTOM role with Microsoft.Support/*, at the subscription level. A Helpdesk Admin CANNOT CREATE and MANAGE support tickets. You are forced to create a custom role to 1. satisfy all your needs, 2. least admin has no choice here.

Nyamnyam (Option: D)

ONLY the following tasks. Indeed Helpdesk Admin can fulfill the three requirements, but has other permissions, which are labeled PRIVILEGED in https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference#helpdesk-administrator

onelove01 (Option: D)

Key word here is "ONLY", implying they can't perform any task outside of the three listed. D is the correct answer

Alscoran (Option: D)

It doesn't ask for password resets so why would you give such privileges. Has to be D.

marco_aimi (Option: C)

"minimize administrative effort" using custom role? hum..

kijken (Option: D)

Least privileged option is D. C can be, but has too many permissions.

MacDanorld (Option: D)

You need to make sure Admin1 can perform ONLY the following tasks sounds like LEAST PRIVILEGE should be factored into your answer.

Nivos23 (Option: D)

The main requirement is to ensure that Admin1 can perform only the specified tasks and minimize administrative effort. The Helpdesk Administrator role (option C) is not the best choice because it grants additional privileges beyond the specified tasks. To ensure that Admin1 can perform only the three specified tasks with the minimum administrative effort, you should choose option D: D. Create a custom role and assign the role to Admin1. Creating a custom role allows you to define and assign only the necessary permissions for the specified tasks without granting broader privileges. This approach aligns with the requirement to minimize administrative effort while ensuring that Admin1 can perform only the specified tasks.

Er_01 (Option: D)

It is for ONLY these items and HD Admin does a lot more, so a custom role for it fits the bill.

RoelvD (Option: D)

"can perform only".. Helpdesk admin can do more than that. So D.

emartiy (Option: D)

Need to ensure that Admin1 can perform only the following tasks means that create a custom role and assign what you want a user can perform as admin :) D - D - D - D - ::)))

Larax (Option: C)

For me it's C because they ask us the solution with the minimal administrative effort and not the least privileged. Least administrative --> C. Least privileged --> D.

curtmcgirt

but they also use the word "_only_ these tasks."

Justin0020 (Option: C)

The best solution is D, the one with the least administrative effort is C, so I say C.

omnomsnom (Option: C)

In the real world, the Service Support Administrator role exists for this use case.

bpaccount (Option: C)

It's C, a custom role isn't the least administrative effort.

Er_01 (Option: C)

Help desk admin - description - role permissions. Here, the 3 items in the question are listed under lines 5,6,8 verbatim.

BenLam (Option: C)

C - Helpdesk Admin can manage tickets, so no need to customise. Check in Azure AD and look for the Helpdesk Admin role and go to the description; it clearly says it can manage tickets.

RoelvD

"can perform ONLY" So there IS a need to customize!