You have an Azure subscription.
You configure the subscription to use a different Azure Active Directory (Azure AD) tenant.
What are two possible effects of the change? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
When you configure an Azure subscription to use a different Azure Active Directory (Azure AD) tenant, it results in the loss of specific configurations related to the original tenant. Firstly, role assignments at the subscription level, which are associated with the Azure AD users, will be lost as these assignments are based on the identities in the original Azure AD tenant. Secondly, virtual machine managed identities are tied to the specific Azure AD tenant, thus changing the tenant will invalidate these managed identities, necessitating their reconfiguration. Existing resources like virtual machine disk snapshots and Azure resources themselves will not be deleted as they are not directly related to the Azure AD tenant.
Review the following list of changes that will occur after you associate or add your subscription, and how you might be affected: Users that have been assigned roles using RBAC will lose their access Service Administrator and Co-Administrators will lose access If you have any key vaults, they'll be inaccessible and you'll have to fix them after association If you have any managed identities for resources such as Virtual Machines or Logic Apps, you must re-enable or recreate them after the association If you have a registered Azure Stack, you'll have to re-register it after association https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
tested - AB
A and B are correct answers. When you change to a different Azure AD tenant your user identities are changed to. This basically mean the role assignment assigned to those identities are no longer valid. When you enable a system-assigned managed identity an identity is created in Azure AD that is tied to the lifecycle of that service instance. So if you change to different Azure AD such an identity is no longer valid. https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types
Got this in the AZ-500 exam (Sept 2021)! A: A&B
Correct
captain obvious
Answer correct. AB
On exam, May 2021.
A & B are correct.
Correct Answer
#exam question # 29 Sep
Correct
AB should the correct answer
correct answer
A. Role assignments at the subscription level are lost. B. Virtual machine managed identities are lost.
A. Role assignments at the subscription level are lost. B. Virtual machine managed identities are lost.
This is a more updated documentation https://learn.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription#understand-the-impact-of-transferring-a-subscription