Exam AZ-104
Question 110

HOTSPOT

You have an Azure AD tenant named contoso.com.

You have two external partner organizations named fabrikam.com and litwareinc.com. Fabrikam.com is configured as a connected organization.

You create an access package as shown in the Access package exhibit. (Click the Access package tab.)

You configure the external user lifecycle settings as shown in the Lifecycle exhibit. (Click the Lifecycle tab.)

For each of the following statements, select Yes if the statement is true. Otherwise, select No.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
PlaceboC6

N - Because not Connected
Y - Because when it expires it is removed from the group. Proof to follow
Y - Because..math
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources
When a user's access package assignment expires, they are removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team.

AK4U_111

After reading this article, I would say NYY is correct. Thank you.

Indy429

But this example states that the users will not immediately be removed after the expiration of their access package. This will happen after 30 days of expiration, which would be after 395 days, not 365 days. In this case, if you base it off of the example, the answers should be N N Y. Comprehensive reading is just as important as technical knowledge, guys.

rnd3131

The group 1 will be removed directly after 365 days; the EXT USER will be removed from the DIRECTORY (tenant) after 395 days, as described in the article of PlaceboC6: When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team.

3c5adce

Confirmed

a6bd45e

Regarding the first statement: The package is set so those from an organization that is not connected cannot request to be added. Does it mean they cannot be assigned (by Owner, for example)? The package defines "cannot request access". The statement says "can be assigned".

Ruby1133299

N - not a connected organisation
N - expired, not removed
Y - 365 + 30 = 395 removed

RougePotatoe

Why don't people cite their sources? So we know for sure that expired isn't the same as removed.

RougePotatoe

I misread the question. I still wish people would cite their sources though.

Indy429

This is the right answer. If Q2 said "EXPIRE" it would be Yes, but it said "REMOVE", which will only happen 30 days after expiring.

Mehedi007

N: Litwareinc is not a connected organization.
Y: "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources#add-a-group-or-team-resource-role
Y: Lifecycle rule - 30 days past after package expiration

GoldenDisciple2

Thank you for this. I was really leaning more towards NNY because 1) I've been studying daily for hours at a time and sometimes get to a point where I don't feel like looking stuff up, and 2) because so many people say NNY which makes sense in my mind, but the article you posted literally spells it out plainly "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." It makes sense that if someone's access expires that their info stays in the system and either needs to be removed manually or removed through some type of policy but the article CLEARLY says they will be removed upon expiration. Thanks for posting!

SkyZeroZx

1. N: Because it does not have permissions
2. N: Because it is expired, not deleted
3. Y: Because 365 + 30 to delete/remove is correct
The answer: https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53

Jedi_sg2000

That makes sense!

katrvintraiz

The answer: https://www.youtube.com/watch?v=J136cq9r0u8&list=PLlKA5U_Yqgof3H0YWhzvarFixW9QLTr4S&index=53

gachocop3

NNY
1. Not a connected organization
2. Expired, not removed
3. 365 + 30 = 395 = removed

Kr1s

Q was in exam 29th July 2023

JeremyChainsaw

This one is No, No, Yes.
No - Litwareinc.com is not connected, only Fabrikam.
No - The access package expires after 365 days, but the configuration is to remove them from the group 30 days after the package has expired. 365 + 30, No.
Yes - External users are removed from the tenant 30 days after their last access package expires. So at 365 days (the point when the access package expires), the 30-day group + tenant removal countdown starts. At +30 days, 395 total, the user is removed from the group and tenant.

Series_0011

N
Y - Group membership is only maintained after losing access to the access package if it was previously in the group before being assigned to the access package or if they are assigned to another access package that also includes that group or team. When access expires they are removed from the group or team.
Y
https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources

varinder82

Final Answer:
N - not a connected organisation
N - expired, not removed
Y - 365 + 30 = 395 removed

hebbo777

N
N: "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team" https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources
Y - 365+30 = 395 deleted.

oopspruu

It is NYY.
N - Not a connected organization
Y - After 365 days, the access package expires. If you read the description of "Manage Lifecycle" carefully, the removal part needs the expiration to go on for at least 30 days. Which means:
Y - 365+30 = 395 Days == Removal

amsioso

N,N,Y https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-external-users#manage-the-lifecycle-of-external-users

anyidea

By default, when an external user no longer has any access package assignments, they're blocked from signing in to your directory. After 30 days, their guest user account is removed from your directory.

3c5adce

ChatGPT4 says No no no

ziggy1117

N
N - When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team. https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-resources#add-a-group-or-team-resource-role
Y

ziggy1117

Sorry, should be N-Y-Y.

skeleto11

NO - Not connected
NO - It is not removed from the group when their access package assignment is removed; they remain in the resource role. For example, if a user was a member of a group, and was assigned to an access package that included group membership for that group as a resource role, and then that user's access package assignment was removed, the user would retain their group membership. https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources
Y - 365+30 = 395 deleted.

alexandrud

The answer for the second question should be YES - "When a user's access package assignment expires, they're removed from the group or team, unless they currently have an assignment to another access package that includes that same group or team." -> Source of the explanation is your link: https://learn.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-resources

mandogrogus

NNY makes sense, but why is Y marked with red in 1?