AZ-104 Exam QuestionsBrowse all questions from this exam
Go to Exam

AZ-104 Exam - Question 110

HOTSPOT

-

You have an Azure AD tenant named contoso.com.

You have two external partner organizations named fabrikam.com and litwareinc.com. Fabrikam.com is configured as a connected organization.

You create an access package as shown in the Access package exhibit. (Click the Access package tab.)

You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the Lifecycle tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Show Answer
Correct Answer:

Discussion

17 comments
Sign in to comment
PlaceboC6
Feb 21, 2023

N - Because not Connected Y - Because when it expires it is removed from the group. Proof to follow Y - Because..math https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources When a user's access package assignment expires, they are removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team.

AK4U_111
Mar 1, 2023

After reading this article, i would say NYY is correct. Thank you

Indy429
Dec 17, 2023

But this example states that the users will not immediately be removed after the expiration of their access package. This will happen after 30 days of expiration, which would be after 395 days, not 365 days. In this case if you base it of off the example, the answers should be N N Y Comprehensive reading is just as important as technical knowledge guys.

rnd3131
Jan 15, 2024

the group 1 will be removed directly after 365 day, the EXT USER will be removed from the DIRECTORY (tenant) after 395 days. as described in the article of PlaceboC6: When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team.

3c5adce
May 12, 2024

Confirmed

a6bd45e
Jul 12, 2024

Regarding the first statement: The package is set so those from organization that is not connected cannot request to be added. Does it mean they cannot be assigned (by Owner for example)? The package defines "cannot request access". The statement says "can be assigned".

Ruby1133299
Jan 7, 2023

N not a connected organisation N expired not remove Y 365 + 30 = 395 removed

RougePotatoe
Jan 25, 2023

Why don't people cite their sources. so we know for sure that expired isn't the same as removed.

RougePotatoe
Jan 25, 2023

I mis-read the question. I still wish people would cite their sources though.

Indy429
Dec 17, 2023

This is the right answer If Q2 said "EXPIRE" it would be Yes, but it said "REMOVE" which will only happen 30 days after expiring

Mehedi007
Jul 29, 2023

N: Litwareinc is not a connected organization. Y: "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources#add-a-group-or-team-resource-role Y: Lifecycle rule - 30 days past after package expiration

GoldenDisciple2
Aug 31, 2023

Thank you for this. I was really leaning more towards NNY because 1) I've been studying daily for hours at a time and sometimes get to a point where I don't feel like looking stuff up, and 2) because so many people say NNY which makes sense in my mind, but the article you posted literally spells it out plainly "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." It makes sense that if someone's access expires that their info stays in the system and either needs to be removed manually or removed through some type of policy but the article CLEARLY says they will be removed upon expiration. Thanks for posting!

SkyZeroZx
Jan 5, 2024

1.- N : Because not has a permissons 2.- N : Because is expired not delete 3.-Y : Because 365 + 30 to delete/remove is correct The answer https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53

Jedi_sg2000
Jun 25, 2024

that make sense!

katrvintraiz
Nov 7, 2023

The answer https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53

gachocop3
Aug 1, 2023

NNY 1- Not a connected organization 2. Expired no remove 3. 365 + 30 = 395 = removed

JeremyChainsaw
Jul 21, 2023

This one is No, No, Yes. NO -Liteware.com is not connected, only Fabrikam. No - The access package expires after 365 days, but the configuration to remove them from the group 30 days after the package has expired. 365 + 30, No. Yes - External users are removed from the tenant 30 days after their last access package expires. so at 365 days (the point when the access package expires), the 30 day Group + tenant removal countdown starts. a t +30 days, 395 total, the user is removed from the group and tenant.

Kr1s
Jul 31, 2023

Q was in exam 29th July 2023

Series_0011
Oct 11, 2023

N Y - Group membership is only maintained after losing access to the access package if it was previously in the group before being assigned to the access package or if they are assigned to another access package that also includes that group or team. When access expires they are removed from the group or team. Y https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources

oopspruu
Aug 16, 2023

It is NYY. N - Not a connected organization Y - After 365 days, the access package expires. If you read the description of "Manage Lifecycle" carefully, the removal part needs the expiration to go on for at least 30 days. Which means: Y - 365+30 = 395 Days == Removal

hebbo777
Nov 12, 2023

N N : "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team" .. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources Y - 365+30 = 395 deleted.

varinder82
May 13, 2024

Final Answer: N not a connected organisation N expired not remove Y 365 + 30 = 395 removed

amsioso
Oct 29, 2023

N,N,Y https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users#manage-the-lifecycle-of-external-users

anyidea
May 31, 2024

By default, when an external user no longer has any access package assignments, they're blocked from signing in to your directory. After 30 days, their guest user account is removed from your directory.

mandogrogus
Sep 15, 2023

NNY makes sense, but why is Y marked with red in 1 ?

skeleto11
Sep 27, 2023

NO - Not connected NO - It is not removed from the group when their access package assignment is removed, they remain in the resource role. For example, if a user was a member of a group, and was assigned to an access package that included group membership for that group as a resource role, and then that user's access package assignment was removed, the user would retain their group membership. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources Y - 365+30 = 395 deleted.

alexandrud
Oct 17, 2023

The answer for the second question should be YES - "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." -> Source of the explanation is your link: https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources

ziggy1117
Nov 3, 2023

N N - When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-resources#add-a-group-or-team-resource-role Y

ziggy1117
Nov 6, 2023

sorry should be N-Y-Y

3c5adce
May 11, 2024

ChatGPT4 says No no no