HOTSPOT -
You have an Azure Active Directory (Azure AD) tenant that contains two users named User1 and User2 and a registered app named App1.
You create an app-specific role named Role1.
You need to assign Role1 to User1 and enable User2 to request access to App1.
Which two settings should you modify? To answer, select the appropriate settings in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:
Box 1: Roles and administrators -
Here you will find Role1 and be able to assign User1 to the role.
Box 2: Self Service -
Under Self Service, there is an option to ג€Allow users to request access to this applicationג€.
Answer is wrong I tried it manually on a lab, Roles and Administrators is limited only to a few builtin AD roles I think the answer should be 1. Users and Groups for User1 2. Self-service for User2
You are right, I took the bother of creating a custom App Role and all I could do with it is assign it to a group (already added to the app) from Users and Groups
correct
This is the correct answer
The selected answers are correct. You can create a custom App Role (if you have appropriate licensing) and add it via Roles and Administrators. https://learn.microsoft.com/en-us/azure/active-directory/roles/custom-enterprise-apps#create-a-new-custom-role
Agree. Tested in the lab. You can assign a role to the user via Roles and Administrators
If the custom role is created in Azure Entra, you can assign that role from Roles and Administrators blade. If the custom role is created in Azure, you cannot see that role in Roles and Admin and hence cannot assign it. The question doesnt explicitly mention where the role is created, but since the question is explicitly mentioning that we have Azure AD, its assumed that they are talking acount the role created in Azure AD and not Azure. With this understanding, I would think the given answers are correct.
1. Roles and administrators 2. Self-service https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access#enable-self-service-application-access-to-allow-users-to-find-their-own-applications Self-service application access is a great way to allow users to self-discover applications, and optionally allow the business group to approve access to those applications. For password single-sign on applications, you can also allow the business group to manage the credentials assigned to those users from their own My Apps portal.
The question is poorly worded. "App-specific role" means nothing. It is not clear if the custom role is an AD (Entra) role and an RBAC role.
Roles and administrators-assign Role1 to User1 Self service-enable User2 to request access to App1
Agreed with Parab. User 1 - Users and Groups User 2 - Self-service
Given answer are correct since the question mentioned about custom role. However, in order to add custom role, P1 or P2 license is required. Below from the Azure dashboard - "To create custom roles, your organization needs Microsoft Entra ID Premium P1 or P2".
Box 1:users and groups Box 2: Self Service - Under Self Service, there is an option to Allow users to request access to this application.
1. Users and Groups for User1 2. Self-service for User2
The selected answers are correct.
Vote for users and groups for #1 since Roles and Administrators section still in preview [As shown in screenshot]
It is not in preview anymore.