HOTSPOT -
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
Adatum.com contains the users shown in the following table.
You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.
Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
OpenAI "No: User1 is a member of Group1, which has been assigned the Azure Active Directory Premium P2 license, but not the Microsoft Defender for Cloud Apps Discovery license. Since Group1 does not have the Microsoft Defender for Cloud Apps Discovery license assigned, User1 cannot be assigned that license either. No: User1 is a member of Group1, which has been directly assigned the Azure Active Directory Premium P2 license. Since User1 inherits the license from Group1, the Azure Active Directory Premium P2 license cannot be removed from User1 individually. It can only be removed by removing the license assignment from Group1. No: User2 is a member of Group2, which is not directly assigned any licenses. Therefore, User2 does not inherit the Azure Active Directory Premium P2 license or any other license assigned to Group2. To assign the Azure Active Directory Premium P2 license to User2, it would need to be directly assigned to User2 or to a group that User2 is a member of."
You are correct because defender is already off for assignment .
Much confusion on question 1. But if the license could not be assigned, the licensed would not be available or greyed out. Which it isn't. Does anybody have the same experience?
question given you a scenario to work on it not can and doing your out of the box workaround!
How can this have 41 upvotes?! Answers of generative AI, such as Chat GPT, are not reliable! It's called AI hallucination. Ask it a question to a difficult technical problem and the answer will most likely contain errors.
this is so confusing. everybody thinks differently and the suggested answer is probably wrong too.
Makes it worse to study these when there is so much disagreement.
Answer is NNN, credetis goes the guy who tested it in this yt video: https://youtu.be/np-6s3N-1iQ?t=201
Correct me if I’m wrong. Since the license is assigned to a group, you cannot remove the license from user1 directly. Instead, you remove the license by removing User1 from group1. Thanks!
You are right because this is the way Microsoft likes to ask questions. Super annoying.
In fact, this is a very very annoying certification. Many questions are tricky, poorly worded, they are not meant for reasoning but for memorizing.
you seems right according to that:Direct licenses coexist with group licenses When a user inherits a license from a group, you can't directly remove or modify that license in the user's properties. You can change the license assignment only in the group and the changes are then propagated to all group members. If you need to assign other features to a user that has their license from a group license assignment, you must create another group to assign the other features to the user. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
This is very frustrating, why examtopics didnt added correct answers. For every question there is conflict answers in comment
because the answers are *free*
Tested in lab: 1 -> Went to licenses -> All products -> Selected my P2 license -> Assigned to a group WITHOUT Cloud for apps discovery -> Then went to Licensed groups -> Found out 9/10 services enabled, Then Cloud for apps discovery is NOT and answer is NO 2. Went to licenses -> All products -> Selected my P2 license -> Licensed groups -> See all members -> Could pick one and REMOVE assignment 3. No sense to test in lab, as MS Doc indicates --> "Group-based licensing currently doesn't support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied" https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
N / N / N Really good explanation here: https://www.youtube.com/watch?v=np-6s3N-1iQ
I think it should be NNN 1) N - because you need to purchase a separate defender license before you can assign it to the user. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/minimum-requirements?view=o365-worldwide#licensing-requirements 2) N - When a user inherits a license from a group, you can't directly remove or modify that license in the user's properties. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced#direct-licenses-coexist-with-group-licenses 3) N - Group-based licensing currently doesn't support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced#limitations-and-known-issues
three of them NOOOO i tested already
I tested in Microsoft Entra Portal: 1) N 2) N 3) N
Is microsoft really coming up with these questions? They need to go back to 3rd grade english class. So the first statement states "You can assign User1 the Microsoft Defender for Cloud Apps Discovery license". For one, you could go back to where you assign Users and Groups and just add User1 and then hit "On" next to the MS Defender for Cloud Apps". Statement 2 asks if we can removed the AAD Premium 2 license from User1 and there is a way to do it.... All you'd have to do is remove them from Group1 but I'm assuming the answer is No for this one even though Yes you can. The only statement that is a good question is 3. User2 is assigned the AAD Premium P2 which is a flat no. Absolutely not. The other two statements are questionable. I feel like the answer could be YYN, YNN, or NNN. What's stopping the admin from clicking On next to "MS Defender..."? Nothing. Should be yes. Man my head hurts...
If a user inherits a license from a group, this license appears in the Office admin portal as a regular user license. If you try to modify that license or try to remove the license, the portal returns an error message. Inherited group licenses can't be modified directly on a user. NO NO NO
1) N 2) N 3) N
It should be YNN. 1. As cloud discovery is ticked OFF, it means it is not assigned to any user in that group. Hence, you can directly apply the cloud discovery license to the user because it will not conflict with existing licenses. N - Only directly applied licenses can be removed from the User1. Any licenses applied through group cannot be removed. N - Nested groups do not inherit licenses as of today.
N/N/N Defender is an option within the P2 license, not a license by itself. P2 is assigned to Group, user 1 gets P2 as inherited and cannot be removed directly. Only by removing user 1 from group 1. Userv2 wont get a license, group 2 has no licenses assigned and nesting won't work here.
1) Y, You can assign users MS Defender for Cloud Apps on a per user basis. 2) N, You cannot remove the P2 license as User1 is in Group1. 3) N, nested group assignments don't work This sounds correct because license is on the group and the question only says about the user, so meaning directly from user properties but as you say its tricky question but I think this is correct, per user you can assign that license and you can't remove a license assigned via a group from the users properties. If you want to remove you must remove them from the group itself and nested group won't work for licensing.
Group-based licensing currently doesn't support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
YNN for me
YNN make sense per explanations https://practical365.com/simplifying-office-365-license-control-azure-ad-group-based-license-management/ https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
YES , YES , NO I'VE DONE THE LAB. YES as we enable disbale the 4 of them Yes as we can assign any of them and none of them so it's possible to remove P2 No as nestad Groups don't inherit the any licence
#1-NO. Azure AD Premium P2 include Microsoft Defender for Cloud Apps Discovery.It is included in Microsoft 365 E3 and Microsoft Entra ID P1 licenses #2-YES. There are 2 method to remove P2 lic from User1: 1. Remove User1 from Group1. 2. Directly remove the P2 license from User1 #3-NO. nested group assignments don't work.
NYN 1. The option is off in the license Section. 2. Yes, if a license is assigned to a group in Azure AD, it is automatically assigned to all its members. 3. No, User2 will NOT receive the Azure AD P2 license. Reason: Nested Group Licensing is NOT Supported in Azure AD Licenses do NOT inherit through nested groups in Azure AD. If Group1 is assigned an Azure AD P2 license, only its direct members receive the license. Group2 (being a member of Group1) does NOT inherit the license, and neither do its members (like User2).
when you assign an Azure AD Premium P2 license to Group1, users in Group2 (which is a member of Group1) will inherit the P2 license. This is because Azure AD supports license inheritance through group nesting.
no nested groupe not supported
ref : https://practical365.com/simplifying-office-365-license-control-azure-ad-group-based-license-management/
ref : https://practical365.com/simplifying-office-365-license-control-azure-ad-group-based-license-management/
any extra explanation here?
Correct answer is: YNN
Why people state 1st is Y? Screen shows defender as a ticked off
New question?
1. You can assign a license to an individual user regardless of the Group License that is being applied can you not? 2. You'd need to remove the user from the group, so no, you can not directly remove the license from the user 3. Nope as nested
I tested in Microsoft Entra Portal 1) N 2) Y 3) N
Y/N/N 1. Cloud App Discovery no conlleva ningún costo adicional como parte de: Azure Active Directory P1. Enterprise Mobility + Security E3 (EMS E3). Microsoft 365 E3.
Tested in LAB : N Y N
YNN1) Y, You can assign users MS Defender for Cloud Apps on a per user basis.2) N, You cannot remove the P2 license as User1 is in Group1.3) N, nested group assignments don't work
I have exam in 3 days. Whats the correct ans please?
This question was in exam 15/01/24
Yes No No
Yes No No
1. All Microsoft Cloud services that require user-level licensing are supported. This support includes all Microsoft 365 products, Enterprise Mobility + Security, and Dynamics 365. 2. Group-based licensing is currently available through the Azure portal and through the Microsoft Admin center. 3. Microsoft Entra ID automatically manages license modifications that result from group membership changes. Typically, license modifications are effective within minutes of a membership change. A user can be a member of multiple groups with license policies specified. A user can also have some licenses that were directly assigned, outside of any groups. The resulting user state is a combination of all assigned product and service licenses. If a user is assigned same license from multiple sources, the license will be consumed only once.
As per this article https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced The Microsoft 365 admin center doesn't currently support group-based licensing. If a user inherits a license from a group, this license appears in the Office admin portal as a regular user license. If you try to modify that license or try to remove the license, the portal returns an error message. Inherited group licenses can't be modified directly on a user. So 2) No
Final Answer : YNN
The link of youtube isn't correctly. You need to trust what he is saying, but you can check it by yourself. Create your tenant for free as an azure developer. I've in my test tenant E5 for developerSo: I created an user named "test user" I created a group named "test license" i assigned this license (E5 developer) to the group named "test license" where i turned off Microsoft defender for cloud apps. I wait few minutes so then user appear to the license tab where services enable are 65 of 66 ( Microsoft defender for cloud apps is the only one turned off ). After that, i assign directly to the user the same license, with different service option ( i keep everything turned on ). The result show: User has 2 assignment, directly and inherited from test license. The service enabled are 66 of 66 ( so microsoft defender for cloud apps is correctly assigned ). My answer are Y N N
NNN #1 No - Microsoft Defender for Cloud Apps Discovery license is OFF. #2 No - Since the license is assigned to a group, you cannot remove the license from user1 directly. Instead, you remove the license by removing User1 from group1. #3 No - License assignments are restricted to only the first level of the group.