AZ-303 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-303 Exam - Question 77

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that Admin1 can create access reviews in contoso.com.

Solution: You assign the Service administrator role to Admin1.

Does this meet the goal?

Show Answer
Correct Answer: B

Admin1 needs specific roles to create access reviews in Azure AD, such as the Global administrator or User administrator role. Admin1 already has the User administrator role, which should be sufficient. However, the Service administrator role is not related to Identity Governance settings, so assigning it would not solve the issue of creating access reviews. Additionally, Admin1 may need an Azure AD Premium P2 license to access and create access reviews, which is not addressed by assigning the Service administrator role.

Discussion

14 comments
Sign in to comment
JasonYin
Nov 12, 2020

Answer should be No. Test in lab, must have one P2 license at least. Then both Global admin and User Administrator Role will be able to do. Admin1 already has User Administrators Role, no need Global Admin role.

Amit3
Jun 4, 2021

I agree, I tested it as well, you would need P2 license even with Global Admin Role.

ercank
Aug 15, 2020

Definitely YES. I tested it. Global Administrator role make it possible.

Wattie
Aug 17, 2020

Answer should be yes as either the Global admin or Privileged Role admin can do the job

temporal111
Sep 29, 2020

"Azure AD Premium P2 licenses are not required for users with the Global Administrator or User Administrator roles who set up access reviews, configure settings, or apply the decisions from the reviews". With the previos extract, we can think that the correct answer is "No", because, the Admin1 already has "user administrator" role assigned to him.

PieDev
Oct 26, 2020

So if the answer is no then, you would still need the P2 license and have either Global or User Admin role? Correct?

PieDev
Oct 26, 2020

So if the answer is no then, you would still need the P2 license and have either Global or User Admin role? Correct?

pentium75
Jul 9, 2021

But Admin1 in that example IS NOT "Global Administrator".

pentium75
Jul 9, 2021

https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review "Prerequisites: Azure AD Premium P2, Global administrator or User administrator, Microsoft 365 and Security group owner (Preview)" Per this, User Administrator should have the permission. If it still is not there, then it's probably due lack of P2. In any case, "Service Administrator" has nothing to do with it, so the answer to THIS specific question ('does assigning Service Administrator fix the issue') is definitely NO.

syu31svc
Sep 4, 2021

Answer is No https://docs.microsoft.com/en-us/azure/active-directory/governance/create-access-review Prerequisites Azure AD Premium P2 Global administrator or User administrator Microsoft 365 and Security group owner (Preview)

jh5280
Sep 3, 2020

So to me, based on this URL: https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#license-requirements Seems that once you assign the global administrator role, you don't need the P2 license, therefor, base on the above question it should satisfy the need as Admin1 has the Global Administrator role, is this not correct?

Sri_N
Sep 6, 2020

It depends on how you create the review, In most cases you will need at least one depending on who does the review.

bc5468521
Sep 14, 2020

true, the user administrator does not require a license to create access review either. The issue is not a global admin or user admin or license; the issue is the user does not consent to PIM term. the answer is NO

ManuPadipura
Oct 8, 2020

Anyone know what is the correct answer?

Aand1234
Sep 2, 2020

No, as it doesn't have P2 license. It requires both P2 license and Role

Sri_N
Sep 6, 2020

P2 license is already applied refer the following statement "Admin1 discovers that all the other identity Governance settings are available."

Rayrichi
Sep 28, 2020

@Sri_N what answer would you recommend?

Rayrichi
Sep 28, 2020

@Sri_N what answer would you recommend?

leahchawas
Jul 17, 2021

For access reviews to be possible ,a Tenant needs an Az AD Premium P2 licence to be assigned to the tenant 1st.If this licence is assigned User Administration role should suffice to achieve access reviews.In this case there is no Premium P2 licence assigned to the tenant and so i think NO is the correct answer here ...

Guilherme
Sep 21, 2020

I think the correct answer would be "Onboard the Tenant to allow for access reviews", because he is already a user administrator and already have an Azure P2 Licence (all the other identity Governance settings are available)

jd94
Jun 12, 2021

6/12/2021. Passed the exam. NO

nfett
Jun 10, 2021

A is the answer per https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles

El_Hechizo
Jun 27, 2021

according to Create an access review of groups & applications - Azure AD | Microsoft Docs user administrator can create access reviews if admin1 can't do it should be because they don't have the P2 Licence. Therefore answer is NO

Nands23
Dec 29, 2021

This was on today's exam. 12/29/2021 correct answer

JayBee65
Feb 2, 2022

So what we are saying here is that the Admin has the rights they required but AAD does not support it since "Access reviews settings are unavailable", and so a P2 license must not be available, so assigning extra permissions won't help anything.