Exam MS-102
Question 54

HOTSPOT -

You have an Azure AD tenant that contains the administrative units shown in the following table.

You have the following users:

• A user named User1 that is assigned the Password Administrator role for AU1 and AU2.

• A user named User2 that is assigned the User Administrator role for AU1.

• A user named User3 that is assigned the User Administrator role for the tenant.

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
gbartumeu

I think it is Y,Y,Y. "If an administrator forgets their own password, ...": "Ask another administrator to reset it for you. In this case, the other administrator must be either a Global admin, a User Management admin, or a Password admin. However, if the administrator who forgot their password is a Global admin, another Global administrator must reset it for them." https://learn.microsoft.com/es-es/training/modules/manage-secure-access-microsoft-365/2-manage-user-passwords

Be41223

The answer is N,Y,N. User1 can't reset the password of User3: not only are they in different administrative units, but password administrators can only reset the passwords of non-admins and other password administrators. User2 can update the display name of User1: User2 is a User administrator and is in the same administrative unit as User1, allowing them control to do so. User1 can't reset the password of User2, as User2 is a different admin. https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide#commonly-used-microsoft-365-admin-center-roles

JensV

https://learn.microsoft.com/en-us/azure/active-directory/roles/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords

benpatto

I'd like to agree but this is why there are global admins. There's always at least one global administrator in a tenant which has the ability to do anything it needs to - no bars held. So I think N, Y, N

Exam2us

I think this is not correct. Review this link for more information - https://learn.microsoft.com/en-us/azure/active-directory/roles/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords

basak

Wrong: Password Administrator - Can reset passwords for non-administrators and Password Administrators. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference

Greatone1

I think this one is correct, as an Admin cannot reset another Admin's password.

mikl

The thing to pay attention to here is that a Password Administrator cannot change the password of a User Administrator - that's why it's N, Y, N for me.

Festus365

I personally chose the answers: YYY!!

imlearningstuffagain

NYN
User1 can reset password for User3 -> NO, password admin cannot reset passwords for User Admin. Check https://learn.microsoft.com/en-us/azure/active-directory/roles/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords
User2 can update display name of User1 -> YES, he is User Admin on AU1 and User1 is a member of AU1. A user admin can update most user properties including admin. https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#user-administrator
User1 can reset password for User2 -> NO, password admin cannot reset passwords for User Admin. Check https://learn.microsoft.com/en-us/azure/active-directory/roles/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords

LakesWizard

User1 can reset the password of User3: Yes, it can, because User3 is the User Administrator for the tenant, not for the AD.
User2 can update the display name of User1: Yes.
User1 can reset the password of User2: No.

ismaelo

Correct answer: Y,Y,Y. If we read this document, https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords, we can see how the password manager can change even that of the global administrator.

Nico282

You are reading the table the wrong way. Look at the COLUMN "Password Admin": the role can reset passwords only of Users, Directory readers, Guest inviters and other Password admins.

Amir1909

Correct

SBGM

Link provided by JensV: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/privileged-roles-permissions?tabs=admin-center#who-can-reset-passwords "For example, a Password Administrator can reset the password for Directory Readers, Guest Inviter, Password Administrator, and users with no administrator role. If a user is assigned any other role, the Password Administrator cannot reset their password."

m2L

Agree with Be41223

spg1

NO, YES, NO. All the explanation is here: "Password admin - Assign the Password admin role to a user who needs to reset passwords for non-administrators and Password Administrators" https://learn.microsoft.com/en-us/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide#commonly-used-microsoft-365-admin-center-roles

Rylz

There is a problem here with User1: you can't assign a role for two AUs - tried it right now and it did not work.

nsotis28

Provided answer is correct.