Exam SC-300 All QuestionsBrowse all questions from this exam
Go to Exam
Question 36

HOTSPOT

-

You have a Microsoft 365 tenant that has 5,000 users. One hundred of the users are executives. The executives have a dedicated support team.

You need to ensure that the support team can reset passwords and manage multi-factor authentication (MFA) settings for only the executives. The solution must use the principle of least privilege.

Which object type and Azure Active Directory (Azure AD) role should you use? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

    Correct Answer:

Discussion
Halwagy

Correct Answer: Object Type: Administrative Unit Role: Authentication administrator

skbudhram

Sheesh this site has a lot of wrong answers, what's the point even ..

Akakentavr

As well regarding the Authentication administrator or Helpdesk administrator options pay attention to "executives" in our case and Helpdesk administrator -Can reset passwords for non-administrators and Helpdesk Administrators. So Authentication administrator is our choice

dule27

Object Type: An administrative unit Role: Authentication administrator

b0tag

Should be Administrative Unit Helpdesk administrator - The Authentication Administrator role is less privileged than the Helpdesk Administrator role The Authentication Administrator role has permissions to manage authentication methods and password reset whereas the Helpdesk Administrator role has permissions to manage passwords, groups, and users.

daschicken

You are right regarding the difference between helpdesk and authentication Admin.... Therefore the answer is: Administrative unit Authentication Admin The Support Team shall only reset MFA and Passworts and regarding least privileg this IS the best role

dejo

Object type: An administrative unit Role: Helpdesk administrator Helpdesk admin has less power in resetting passwords than Auth admin and others https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#who-can-reset-passwords

Halwagy

Helpdesk administrator cannot reset MFA settings only password reset, then Authentication administrator will be the right one

dejo

well that's true :)

natazar

admin unit way to go

EmnCours

Object Type: Administrative Unit Role: Authentication administrator

dule27

Object Type: An Administrative Unit Role: Authentication Administrator

HartMS

AU Authentication Administrator

b233f0a

Role: Authentication Administrator - https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#authentication-administrator - "Set or reset any authentication method (including passwords) for non-administrators"

rajbne

Please update final answer

Remus999

Authentication Administrator is the least privileged role to manage MFA as per https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task#multi-factor-authentication

MISCOLO

no such thing as a custom admin role

SamuelPerezMartin

Microsoft Entra allows you to create custom admin roles.

ShoaibPKDXB

Correct: Object Type: An Administrative Unit Role: Authentication Administrator

jojoseph

Object Type: Administrative Unit Role: Authentication administrator

ExamStudy68

Maybe it's by design to force discussion and make you think about it or look it up... Not sure really.