HOTSPOT -
You have an Azure subscription that contains the Azure Active Directory (Azure AD) resources shown in the following table.
You create the groups shown in the following table.
Which resources can you add to Group5 and Group6? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Given answers are correct. For Group5, You can add enterprise applications to security groups. (Tested & Verified)
Answer is Group5: User1, Group1, Managed1 Group6: User1 Here is why: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-learn-about-groups#group-types Members of a security group can include users, devices, other groups, and service principals, which define access policy and permissions. Owners of a security group can include users and service principals. Members of a Microsoft 365 group can only include users.
For Group 5 your answer is wrong. When an app is registered a service principal is created. according to your description service principle can be added in security group. Therefore, App1 also can be added.
App1 is not an App Registration but an Enterprise Application. An Enterprise Application is a Service Principal. So, answer is Group5: User1, Group1, Managed1, App1 Group6: User1
1. User1, Group1, Managed1, and App1 2. User1 only https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-learn-about-groups#group-types - Security: Used to manage user and computer access to shared resources. For example, you can create a security group so that all group members have the same set of security permissions. Members of a security group can include users, devices, other groups, and service principals, which define access policy and permissions. Owners of a security group can include users and service principals. - Microsoft 365: Provides collaboration opportunities by giving group members access to a shared mailbox, calendar, files, SharePoint sites, and more. This option also lets you give people outside of your organization access to the group. Members of a Microsoft 365 group can only include users. Owners of a Microsoft 365 group can include users and service principals.
# In EXAM - 01-Oct-2022
Security groups can be used for either devices or users, but Microsoft 365 Groups can be only user groups. Given answer is correct
# In exam today 03/12/2022
in exam 08/12/23
In Exam - 28/7/2023
Correction for Group 5: User1, Group1, Managed1, App1
Group5: User1, Group1, Managed1 Group6: User1
Some extra info with an added link. After identifying the resource types of your resources, you must investigate if they can be moved, and the restrictions that are in place. Check your resource types against the move list below. The list shows whether each resource type can be moved between resource groups or between subscriptions: https://docs.microsoft.com/en-us/learn/modules/move-azure-resources-another-resource-group/4-assess-resources For example, these resources can be moved: Azure Storage accounts Azure virtual machines Azure virtual networks These resources can't be moved: Azure Active Directory domain services Azure Backup vaults Azure App Service gateways
Unfortunately, you cannot add an application as a member of Azure AD group. https://stackoverflow.com/questions/47762262/add-aad-application-as-a-member-of-a-security-group so the answer is user 1 ,managed1 and group 1 only for the first one
Sorry HananS. I just tested it and it worked. So, yes, we an app can be added as a member of a AZ AD Security group. Answer is correct.
Just like JL15546 says, plus think of the app as a service principal to which roles can be assigned.
When we create managed identity does not matter user assigned and system assigned it registered as an enterprise application in our tenant and we can add the to them to the security groups. All in all, we can add user assigned, system assigned managed identities, service principals to the security groups as well as users and other security groups, we cannot add Microsoft 365 group to the security groups. From here we can say that for the Box-1 we can choose , User1,Group1,Manged1,App1(this is service principial as question says this has been registered in entra that is why we can add it as well). For the box 2 we can only add User1, we cannot add Service principal, devices, security groups, managed identity to the Microsoft 365 group. Answer will be like this: Box-1 All Box-2 only User1. Regards! Quick not also given answer is corret!
In Azure, you cannot have a device and a user in the same security group. Dynamic groups in Azure Active Directory (Azure AD) can be created for devices or for users, but you can’t create a rule that contains both users and devices. Device membership rules can reference only device attributes1. This means you would need to create separate groups for users and devices if you want to manage them dynamically based on their attributes. If you need to manage devices and users together in some way, you might consider creating separate groups and then using Azure policies or other management tools to apply the necessary controls across those groups. For the above reason, it can be concluded that the answer to Group5 is User1 Only.
I think the answer is wrong for Group 5 because you cannot have devices and users in the same group. Therefore Group 1 cannot be in Group 5 as the others.
You cannot add AppRegistraion to a security group just tested in the lab no option to add to enterprise application is coming up in the list of members
App1 is an Enterprise Application, not an AppRegistration.
The answer is correct according to the link https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-groups-membership-azure-portal