You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.
Several users use their contoso.com email address for self-service sign-up to Azure AD.
You gain global administrator privileges to the Azure AD tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?
To prevent users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services, you need to manage the domain properties within Azure AD. The Update-MgDomain cmdlet is used to update domain properties, including controlling user permissions for signing up for services using a specified domain, which is appropriate for this scenario.
The correct answer is B. Update-MgPolicyPermissionGrantPolicyExclude. The Update-MgPolicyPermissionGrantPolicyExclude cmdlet is used to exclude a policy from being applied to a specific set of users. In this case, you can use the cmdlet to exclude the self-service sign-up policy from being applied to users with the contoso.com SMTP address space.
https://learn.microsoft.com/en-us/microsoft-365/admin/misc/self-service-sign-up?view=o365-worldwide#:~:text=To%20control%20whether%20users%20can%20sign%20up%20for%20self%2Dservice%20subscriptions%2C%20use%20the%20Update%2DMgPolicyAuthorizationPolicy%20PowerShell%20cmdlet%20with%20the%20AllowAdHocSubscriptions%20parameter. however when you go to MG documentation for that CMDlet this parameter is not even listed. Most likely is changed to these allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false
I think the answer is B. The given answer seems to be related to the organizational data not setting what can and cannot be done within the organization. B does provide mechanisms to prevent user actions. C - doesn't seem to apply at all.
I stand for B
B You use the Update-MgPolicyAuthorizationPolicy cmdlet with the AllowAdHocSubscriptions parameter to control whether users can sign up for self-service sign-up subscriptions.
la opción A, es la correcta. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup
Per Copilot: C. Update-MgDomain. The Update-MgDomain cmdlet is used to update the properties of a domain in Azure Active Directory (Azure AD). You can use this cmdlet to disable the ability for users to sign up for Microsoft 365 services using their contoso.com email address. Please note that the other options: A. Update-MgOrganization is not related to managing user sign-ups. B. Update-MgPolicyPermissionGrantPolicyExclude does not exist. D. Update-MgDomainFederationConfiguration is used to manage federation configurations, not user sign-ups. Therefore, option C is the most suitable choice for this task. If you dont give the answer options: To prevent users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services, you should run the Set-MsolCompanySettings cmdlet with the -UsersPermissionToCreateSelfServiceApplication parameter set to $false.
Import-Module Microsoft.Graph.Identity.SignIns connect-MgGraph -Scopes "Policy.ReadWrite.Authorization" $param = @{ allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false } Update-MgPolicyAuthorizationPolicy -BodyParameter $param
Yeah I'm not seeing the answer in this list, must be an updated question in the exam. I used to be Set-MsolCompanySettings but your Graph commands are whats in the article.