AZ-303 Exam - Question 244

Question

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that the Admin1 can create access reviews in contoso.com.

Solution: You consent to Azure AD Privileged Identity Management (PIM).

Does this meet the goal?

Examice · Accepted Answer

The solution to ensure that Admin1 can create access reviews in contoso.com is to assign them the appropriate license and role required for access reviews. While Azure AD Privileged Identity Management (PIM) is a useful tool for managing permissions and roles, simply consenting to PIM does not address the specific issue of access review settings being unavailable. The prerequisites for creating access reviews include having an Azure AD Premium P2 license and being a Global administrator or User administrator. Since Admin1 is already a User administrator, the absence of the correct licensing is likely the core issue. Therefore, consenting to PIM alone does not meet the goal.

[Removed] · Answer

NO

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Prerequisites:

Azure AD Premium P2
Global administrator or User administrator (Admin is User administrator)

Kraviecc · Answer

No is the correct answer. It looks like the tenant has not been onboarded yet.

J4U · Answer

Correct: YES (All other options like Global Admin, P2 license etc are No as Admin1 is already a User Admin)
Identity governance scope the access review to Teams + M365 Groups and Applications whereas PIM scope the access review for Users and Groups + Service Principal. So PIM is suitable place for access reviews.
The pre-reqs are access review creator should be either User or Global Admin and they no need to have P2 license. However the reviewer should have P2 license to review it.

DNeo · Answer

Question doesn't mention about having Azure AD P2 license. 
Assuming it has already been there (Per user participating in Access Review), PIM should work here

AzureGC · Answer

Y : PIM, See the note, here: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements

Azure AD Premium P2 licenses are not required for the following tasks:

No licenses are required for users who set up PIM, configure policies, receive alerts, and set up access reviews.

Krsto · Answer

Tenant does not have a valid license (EMS E5 or P2) required for Access reviews. You get this message when trying to see Access Reviews. And this is with Global admin role. In order to use this you need to have:

Azure AD Premium P2
    Global administrator or User administrator

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

nicksu · Answer

This seem to be an outdated question.  There is no need to consent to PIM anymore

tita_tovenaar · Answer

Y - as commented earlier, P2 license is not needed to *create* access reviews. You need P2 to execute them. To use a metaphore, it's free and easy to sign up for a phone, but actual use costs money :-)

legendkiller84 · Answer

PIM also needs an Azure AD P2 license: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements

Mj11Az · Answer

If an Azure AD Premium P2, EMS E5, or trial license expires, Privileged Identity Management features will no longer be available in your directory:
But here they can able to consent the PIM i.e P2 license is available.
Answer should be yes.

samsanta2012 · Answer

NO. Prerequisite to create access reviews in PIM 
Azure AD Premium P2 license
Owner or User Access Administrator Azure role for the resource
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-start-access-review#prerequisite-license

jr_luciano · Answer

Correct Answer: A (YES)
The problem here is not license.

marmaduke · Answer

Azure AD Premium P2 licenses are NOT required for the following tasks:

No licenses are required for users who set up PIM, configure policies, receive alerts, and SET UP ACCESS REVIEWS.

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/subscription-requirements

OLO_90 · Answer

No, you need to purchase an Azure Directory Premium P2 license for contoso.com.

syu31svc · Answer

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-resource-roles-start-access-review

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review

Answer is Yes

AD3 · Answer

Correction to my comment. The answer is YES.

Rissan · Answer

The question is not about license assumption is P2 license is already there. P2 license is a pre-requiste for PIM

AZ-303 Exam - Question 244

Discussion