SC-300 Exam QuestionsBrowse all questions from this exam
Go to Exam

SC-300 Exam - Question 36

HOTSPOT

-

You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.

You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.

Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

16 comments
Sign in to comment
Halwagy
Jan 17, 2023

Correct Answer: Object Type: Administrative Unit Role: Authentication administrator

skbudhram
Feb 23, 2023

Sheesh this site has a lot of wrong answers, what's the point even ..

Akakentavr
Jan 25, 2023

As well regarding the Authentication administrator or Helpdesk administrator options pay attention to "executives" in our case and Helpdesk administrator -Can reset passwords for non-administrators and Helpdesk Administrators. So Authentication administrator is our choice

dule27
Jun 7, 2023

Object Type: An administrative unit Role: Authentication administrator

natazar
Jan 16, 2023

admin unit way to go

dejo
Jan 21, 2023

Object type: An administrative unit Role: Helpdesk administrator Helpdesk admin has less power in resetting passwords than Auth admin and others https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#who-can-reset-passwords

Halwagy
Jan 22, 2023

Helpdesk administrator cannot reset MFA settings only password reset, then Authentication administrator will be the right one

dejo
Jan 23, 2023

well that's true :)

b0tag
Aug 21, 2023

Should be Administrative Unit Helpdesk administrator - The Authentication Administrator role is less privileged than the Helpdesk Administrator role The Authentication Administrator role has permissions to manage authentication methods and password reset whereas the Helpdesk Administrator role has permissions to manage passwords, groups, and users.

daschicken
Oct 13, 2023

You are right regarding the difference between helpdesk and authentication Admin.... Therefore the answer is: Administrative unit Authentication Admin The Support Team shall only reset MFA and Passworts and regarding least privileg this IS the best role

dule27
Jul 6, 2023

Object Type: An Administrative Unit Role: Authentication Administrator

EmnCours
Jul 18, 2023

Object Type: Administrative Unit Role: Authentication administrator

Remus999
Apr 14, 2023

Authentication Administrator is the least privileged role to manage MFA as per https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#multi-factor-authentication

rajbne
Apr 18, 2023

Please update final answer

b233f0a
Jun 8, 2023

Role: Authentication Administrator - https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-administrator - "Set or reset any authentication method (including passwords) for non-administrators"

HartMS
Apr 14, 2024

AU Authentication Administrator

jojoseph
Jan 23, 2023

Object Type: Administrative Unit Role: Authentication administrator

ExamStudy68
Apr 13, 2023

Maybe it's by design to force discussion and make you think about it or look it up... Not sure really.

ShoaibPKDXB
May 10, 2023

Correct: Object Type: An Administrative Unit Role: Authentication Administrator

MISCOLO
Jun 5, 2024

no such thing as a custom admin role

SamuelPerezMartin
Jul 15, 2024

Microsoft Entra allows you to create custom admin roles.