AZ-300 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-300 Exam - Question 214

Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that the Admin1 can create access reviews in contoso.com.

Solution: You assign the Global administrator role to Admin1.

Does this meet the goal?

Show Answer
Correct Answer: A

Assigning the Global administrator role to Admin1 will ensure that they can create access reviews. Global administrators have full access to all management features in Azure Active Directory, including the ability to create and manage access reviews. Therefore, this meets the goal of enabling Admin1 to create access reviews in the Azure AD tenant.

Discussion

16 comments
Sign in to comment
SaurabhAzure
Apr 6, 2020

the answer should be yes. As because global administrators can perform access review. We do not need P2 license for global administrators

riyamalin
Apr 7, 2020

prerequisites for access review are: Azure AD Premium P2 Global administrator or User administrator ref : https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

milind8451
May 3, 2020

Still I would go with Yes because if P2 license wasn't assigned then Access reviews setting would not be visible but greyed out. Since it is visible, that means P2 is assigned.

milind8451
May 3, 2020

Still I would go with Yes because if P2 license wasn't assigned then Access reviews setting would not be visible but greyed out. Since it is visible, that means P2 is assigned.

Barry123456
Jun 29, 2020

little bit like killing an ant with a bazooka though. overkill and may cause collateral damage.

anupam77
Jun 26, 2021

But user is part of User Admin role. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#how-many-licenses-must-you-have "Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews."

gboyega
Jul 14, 2020

A is the correct Answer No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews.

cttay71
Sep 11, 2020

Scenario 1: i tried creating admin1 with Global Administrator role or User Administrator role only and I am not able to create Access Review. Scenario 2: I create admin with User Admin role with Azure AD Premium P2 licenses enabled. I am able to create Access Review. Therefore, Azure AD Premium P2 is required whether you are global administrator or user administrator. Since questions already mentioned admin1 has User Administrator role, he should be able to create access review. But he could not. So my answer is NO My Answer is NO.

Jer0i
Jul 28, 2020

Answer is B https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-give-access-to-pim The Global administrator who enables Privileged Identity Management (PIM) for an organization automatically get role assignments and access to Privileged Identity Management. No one else in your Azure Active Directory (Azure AD) organization gets write access by default, though, including other Global administrators. Other Global administrators, Security administrators, and Security readers have read-only access to Privileged Identity Management. To grant access to Privileged Identity Management, the first user can assign others to the Privileged Role Administrator role. It says "...No one else in your Azure Active Directory (Azure AD) organization gets write access by default, though, including other Global administrators." So even though you assign Admin1 as the GA, he still will not have access to PIM

turtle666
Feb 2, 2020

Azure AD Premium P2 licenses are not required for the following tasks: No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

keithtemplin
Apr 24, 2020

turtle666 copied the text straight from the referenced link

tartar
Sep 14, 2020

B is ok

tartar
Sep 14, 2020

B is ok

BalaMurugesan
May 27, 2020

YES - "Programs and access review results are visible to users in the Global administrator, User administrator, Security administrator, or Security reader role." https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Prash85
Jun 6, 2020

This question doesn't talk about licenses instead it is focused on the roles and its privileges... Global Admin can create access review.. answer is YES

[Removed]
Jun 20, 2020

Creating access review on a group that can be assigned to Azure AD role If you are on the newest version of Access Reviews (your reviewers are directed to My Access by default) , then only Global Administrator can create access review on role-assignable groups. However, if you are on older version of Access Reviews (your reviewers are directed to the Access Panel by default), then both Global Administrator and User Administrator can create access review on role-assignable groups.

BEB
Aug 15, 2020

Answer is NO. Privileged Role Administrator is required to Create an access review. see https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review "You can use Azure AD Privileged Identity Management (PIM) to create access reviews for privileged Azure AD roles. You can also configure recurring access reviews that occur automatically." "Prerequisites Privileged Role Administrator"

Bluediamond
Mar 12, 2020

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review

Pigi_102
May 12, 2020

From: https://azure.microsoft.com/en-us/pricing/details/active-directory/ Premium P2 is the only license with Access Review Option. Moreover, from https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview , License Requirement: "Using this feature requires an Azure AD Premium P2 license." So the answer is NO.

thirstylion
Jun 7, 2020

Answer is A (Yes) No licenses are required for the users with the Global Administrator or User Administrator roles that set up access reviews, configure settings, or apply the decisions from the reviews.

addy007
Jun 24, 2020

Ans: B, https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-start-security-review

arseyam
Sep 10, 2020

When you enable Access Reviews for the first time, you have to click on Onboard Now, which enables access reviews for the Azure AD directory. Note that if you don’t complete this step, the Overview page of access reviews will report an error Tenant is not onboarded for Access Reviews feature. Below is a great article to clear the confusion https://campbell.scot/getting-started-with-azure-ad-identity-governance-part-2-access-reviews/

basak
Sep 22, 2020

to access review rules the user should have PIM license. So B is correct https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

basak
Sep 24, 2020

Correction: Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews. https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview

lucaribou
Sep 26, 2020

So the answer should be yes

lucaribou
Sep 26, 2020

So the answer should be yes

deyc
Sep 29, 2020

1- Create an access review of groups and applications in Azure AD access reviews Prerequisites Azure AD Premium P2 Global administrator or User administrator 2- Create an access review of Azure AD roles in Privileged Identity Management Pre-requisite: Privileged Role Administrator If I read the question correctly, the access is for groups and apps and not for AD roles... If this is the case, the answer is NO because PIMS P2 is also required