HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant named contoso.com that contains the users shown in the following table.
Contoso.com contains a group naming policy. The policy has a custom blocked word list rule that includes the word Contoso.
Which users can create a group named Contoso Sales in contoso.com? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
1) Admin1,2,3 because policy naming blocks only apply to O365 2) Admin 1,3 because Global Admin and User Admin are exempt. https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
1) Does that mean that they all can create the security groups?
yessssss
Explanation provided in the link shows the answer provided is CORRECT: Some administrator roles are exempted from these policies, across all group workloads and endpoints, so that they can create groups using blocked words and with their own naming conventions. The following administrator roles are exempted from the group naming policy: Global Administrator User Administrator https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
Group policy is apply only to the O365. When group naming policy is configured, the policy will be applied to new Microsoft 365 groups created by end users. Naming policy does not apply to certain directory roles, such as Global Administrator or User Administrator (please see below for the complete list of roles exempted from group naming policy). For existing Microsoft 365 groups, the policy will not immediately apply at the time of configuration. Once group owner edits the group name for these groups, naming policy will be enforced, even if no changes are made.
FROM MICROSOFT: When group naming policy is configured, the policy will be applied to new Microsoft 365 groups created by end users. Naming policy does not apply to certain directory roles, such as Global Administrator or User Administrator
On an exam on 7/8/23
Test on Lab Three Admin 1,2&3 can create Security Group. Admin 1 , 3 only can create M365 Group
1. admin1, admin2, admin3 2. admin1, admin3
1) Admin1,2,3 because policy naming blocks only apply to O365 2) Admin 1,3 because Global Admin and User Admin are exempt.
The policy will be applied to new Microsoft 365 groups created by end users. Naming policy does not apply to certain directory roles, such as Global Administrator or User Administrator. 1) Admin1,2,3 2) Admin 1,3
Given answers are correct: Some administrator roles are exempted from these policies, across all group workloads and endpoints, so that they can create groups by using blocked words and with their own naming conventions. The following administrator roles are exempted from the group naming policy: Global Administrator User Administrator Explicitly state here: https://learn.microsoft.com/en-us/entra/identity/users/groups-naming-policy
same for Office 365 When a group naming policy is configured, the policy is applied to new Microsoft 365 groups created by users. A naming policy doesn't apply to certain directory roles, such as Global Administrator or User Administrator. (For the complete list of roles exempted from a group naming policy, see the "Roles and permissions" section.) For existing Microsoft 365 groups, the policy isn't immediately applied at the time of configuration. After a group owner edits the group name for these groups, the naming policy is enforced even if no changes are made. See link for proof: https://learn.microsoft.com/en-us/entra/identity/users/groups-naming-policy
Given Answer is correct
Sorry my bad, 1- admin1, admin2, admin3 ( naming policy only apply to 365 groups 2- admin1, admin3 ( only global admin and user admin) are exempted from the naming policy
https://docs.microsoft.com/en-us/microsoft-365/admin/create-groups/office-365-groups?view=o365-worldwide. Only global admins, user admins, and groups admins can create and manage groups in the Microsoft 365 admin center. so for NO. 2 it should be all and also for NO.2 it should be all
correction: Question says "group administrator", it is "Groups Administrator", so group administrator could be a custom role, so i will go with "global administrator and user administrator"
Admin 1, 2 and 3 can create Security group. Admin 1 and 3 is correct for O365 Security Groups. https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy#roles-and-permissions
The answer is correct. 1) Admin 1 and Admin 3 only 2) Admin 1 and Admin 3 only Even though the policy naming applies only for M365 groups, the Groups Admin Role is designed mainly for Office 365 groups and cannot manage other group types like distribution groups, mail-enabled security groups or shared mailboxes. https://techcommunity.microsoft.com/t5/microsoft-365-groups/introducing-the-groups-admin-role/m-p/978995 The following administrator roles are exempted from the group naming policy: Global Administrator User Administrator https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-naming-policy
Short: Naming policy only applies to Microsoft 365 groups: "When group naming policy is configured, the policy will be applied to new Microsoft 365 groups created by end users. Naming policy does not apply to certain directory roles, such as Global Administrator or User Administrator"
This is correct!
#exam ques # 29 Sep
## Exam Question - 24 Sept 2021 ##