You have an Azure Active Directory (Azure AD) tenant that contains the following objects:
✑ A device named Device1
✑ Users named User1, User2, User3, User4, and User5
✑ Groups named Group1, Group2, Group3, Group4, and Group5
The groups are configured as shown in the following table.
To which groups can you assign a Microsoft Office 365 Enterprise E5 license directly?
In Azure Active Directory, Microsoft 365 Enterprise E5 licenses can be assigned to both security groups and Microsoft 365 groups, provided these groups have the 'SecurityEnabled' attribute set to true. Assuming the groups were created in the Azure AD portal where the 'SecurityEnabled' attribute is true by default, licenses can be assigned directly to the following groups: Group1, Group2, Group4, and Group5. Group3 is a dynamic device group, which does not make sense for user-based licensing like Office 365 Enterprise E5, so it is excluded. Hence, licenses can be assigned to Group1, Group2, Group4, and Group5.
There is not enough information in the question to provide a 100% correct answer. You can assign licences to any group created within the Azure AD portal. These can include security groups, Microsoft 365 groups, and either assigned or dynamic groups. You can even create a dynamic device security group and assign E5 licences to it, which doesn't make sense but is true (I've tested it). However, the missing bit of information is whether the Microsoft 365 groups have the "SecurityEnabled" attribute set to True. Only M365 groups that have the "SecurityEnabled" attribute set to True can have licences assigned to them. If the group is created in the M365 Admin Centre, then the "SecurityEnabled" attribute is set to False and you can not assign licences to the group. But if the M365 group is created in the Azure AD portal, then the "SecurityEnabled" attribute is set to True and you can assign licences. For the answer, I would make an assumption that because this is an Identity-related exam testing us on Azure AD topics, that the M365 groups were created in the Azure AD portal and therefore have the "SecurityEnabled" attribute set to True. Which means the correct answer is B - all groups.
I have tried as well and could add all the groups. The answer is B. We don't have much informations so it is difficult...
Agree - the licenses can be applied to all groups created in Azure AD via portal.
Sezza is the GOAT
Microsoft does allow licenses to be assigned to device groups. This is particularly useful for devices that are shared by many users, such as in a classroom or a kiosk. When a device has a license, anyone who uses that device can use Microsoft 365 Apps for enterprise2 https://learn.microsoft.com/en-us/deployoffice/device-based-licensing
Wrong, you can assign licenses to Microsoft 365 groups as well. The correct answer is E
The answer is correct, there's only the two groups *users not devices* that marked as security.
By default, M365 groups are marked as SecurityEnabled=True so they are considered security groups as well. therefor I think "Beitran" is correct and the answer is E.
Correct, E https://docs.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http Set to true for security-enabled groups, including Microsoft 365 groups. Required. Note: Groups created using the Microsoft Azure portal always have securityEnabled initially set to true. https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced The feature can only be used with security groups, and Microsoft 365 groups that have securityEnabled=TRUE.
It is not possible to assign a license to an M365 group because this is not supported and neither are mail-enabled security groups.
Why can't it be Group 3 for answer B. The license assignment to groups is irrespective of group membership and can be assigned to any type of security groups.
just putting this here on question #1: i passed the exam December 13 2023. score 868. i won't estimate a percentage, but the majority of of the questions on my exam appear here in examtopics. good luck.
Today I took Retake test after 1 year. On the test was 0 questions from here :(
E5 can be assigned to all groups created in Azure AD
Users who don't already have a Microsoft Entra or Microsoft account can sign in without having to create an account. Each time the user signs in to your directory, they receive a passcode via email for authentication. You can also enable self-service sign-up with email one-time passcode for specific apps in your user flows. https://learn.microsoft.com/en-us/entra/external-id/one-time-passcode
Self Service requires a Premium 2 license, no?
Yes, you can assign a Microsoft 365 E5 license to a Microsoft 365 group and device group. You can only assign licenses to one group, but you can nest groups within that one group If you look at the link below, you can see the apps in the license. https://www.microsoft.com/en-us/microsoft-365/enterprise/microsoft365-plans-and-pricing
You have an on-premises Active Directory forest and a Microsoft Entra tenant. You are implementing Microsoft Entra Connect cloud sync. You need to configure Microsoft Entra Connect cloud sync to synchronize an organizational unit named OU1 to Microsoft Entra ID. What should you use? Select only one answer. the Microsoft Entra Connect provisioning agent the Active Directory Domains and Trusts snap-in the Active Directory Sites and Services snap-in the Microsoft Entra admin center***********
You have an on-premises Active Directory forest and a Microsoft Entra tenant. You plan to synchronize Active Directory to Microsoft Entra ID by using Microsoft Entra Connect cloud sync. You need to install the Microsoft Entra Connect provisioning agent. What should you create in Active Directory first? Select only one answer. a group managed service account a security group a user account that is member of the Incoming Forest Trust Builders group a user account that is member of the Key Admins group********
C. Group1 and Group2 only. Note: You can assign licenses to Security Group only in Microsoft Entra ID and you should have Premium 1 and 2 license.
IT says, assign license directly.. Means you display group and assign license.. There is only License option in view of Security groups.. group 1-2-3 are security groups but there is only group 1-2 option. If there was group 1-2-3 option, we could select it but only 1-2 :) think again.
To get to "C" as the answer, One has to assume that, in this case, the M365 groups are default w/ securityEnabled=FALSE. Otherwise it would be E. • Group-based licensing currently doesn't support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied. • The feature can only be used with security groups, and Microsoft 365 groups that have securityEnabled=TRUE. From <https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced> limitations & Known Issues
Just tested this in the Entra Admin Portal, you can assign Licenses to all 5 groups.
Correct Ans is B. Group1, Group2, Group3, Group4, and Group5. You can assigned licenses to Security and M365 Group in Microsoft Entra. MS Docs link for your reference. https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced#limitations-and-known-issues
Correct Ans: E. Group1, Group2, Group4, and Group5 only
Diagram can be found at https://examquestions.com/Microsoft/Microsoft_Identity_and_Access_Administrator_SC_300/questions/0?page=2 Answer is groups 1 & 4 = A
Diagram can be found at https://examquestions.com/Microsoft/Microsoft_Identity_and_Access_Administrator_SC_300/questions/0?page=2
Material still valid, passed a couple of days ago. Contributor access doesn't add any more questions. You will get sick of seeing the MFA method for a remote user with no mobile internet access, its got to be here like 50 times!