HOTSPOT
-
You have an Azure AD tenant named adatum.com that contains the groups shown in the following table.
Adatum.com contains the users shown in the following table.
You assign an Azure Active Directory Premium P2 license to Group1 as shown in the following exhibit.
Group2 is NOT directly assigned a license.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
YNN 1) Y, You can assign users MS Defender for Cloud Apps on a per user basis. 2) N, You cannot remove the P2 license as User1 is in Group1. 3) N, nested group assignments don't work
1st is also NO. Microsoft Defender for Cloud Apps Discovery license is OFF.
Isn't it possible to assign the liciense to an individual user?
If you're referring to User 2, it's not asking if User 2 CAN be assigned the license, but if User 2 IS assigned the license. Only Group 1 was assigned the license, members of Group 2 wouldn't get assigned the licenses because nested groups don't inherit licenses.
Cloud App Discovery comes at no additional cost as part of: - Azure Active Directory P1. - Enterprise Mobility + Security E3 (EMS E3). - Microsoft 365 E3. So it should be already included in P2 also, thats 1st is also NO. https://learn.microsoft.com/en-us/defender-cloud-apps/editions-cloud-app-security-aad#cloud-app-discovery In conclusion assign Cloud Apps Discovery license has no point. So the answears are: N N N
- Azure Active Directory P1 is contained in Azure Active Directory P2. P2 is a larger license that encompasses P1. Cloud App Discovery carries no additional cost as part of: - Azure Active Directory P1. - Business Mobility + Security E3 (EMS E3). -Microsoft 365 E3. So the answer is YES
But you CAN assign it to individual users even if its turned off at the group level. Read the question properly!
ChatGPT says you can't if it is turned off at group level
I agree with this. I tested it on my trial dev tenant. i assigned a user only the AADP1 license from the E5 Deve license by a group. After it was assigned for a while, I went in and assigned the user the same license directly and onlswitched off a bunch of sub licenses at random. Checked after a day and the user was assigned the cumulative of the 2, so in the question, 1 is definitely Y. The orrect answers should be as below. 1)Y. Additional licenses can be assigned on to of a group assignment with a cumulatve result. 2)N. The licenses is assigned by group, so without removing the group, the license cannot be removed. tested this and everything is greyed out at a user level. 3)N. License assignments are restricted to only the first level of the group.
question clearly states license is 'NOT' ASSIGNED DIRECTLY VIA GROUP BASED LICENSING'
I agree with that! 1) Yes: The "Microsoft Defender for Cloud Apps Discovery" license is not automatically assigned through Group1 (but it's also not prohibited). 2) NO: The "Azure Active Directory Premium P2 License" is automatically assigned to the user. If I could remove the license from the user afterwards, it would contradict the "Assignment option" of Group1. 3) NO: User2 is in Group2, which is a member of Group1. However, license assignments are not inherited through subgroups (I don’t have a Microsoft source for this statement). https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/licensing-group-advanced
refer this clear explanation, its NNN
https://www.youtube.com/watch?v=np-6s3N-1iQ
thank you for the vide!
Thank you. so NNN is the ans
Thanks
OpenAI "No: User1 is a member of Group1, which has been assigned the Azure Active Directory Premium P2 license, but not the Microsoft Defender for Cloud Apps Discovery license. Since Group1 does not have the Microsoft Defender for Cloud Apps Discovery license assigned, User1 cannot be assigned that license either. No: User1 is a member of Group1, which has been directly assigned the Azure Active Directory Premium P2 license. Since User1 inherits the license from Group1, the Azure Active Directory Premium P2 license cannot be removed from User1 individually. It can only be removed by removing the license assignment from Group1. No: User2 is a member of Group2, which is not directly assigned any licenses. Therefore, User2 does not inherit the Azure Active Directory Premium P2 license or any other license assigned to Group2. To assign the Azure Active Directory Premium P2 license to User2, it would need to be directly assigned to User2 or to a group that User2 is a member of."
You are correct because defender is already off for assignment .
Much confusion on question 1. But if the license could not be assigned, the licensed would not be available or greyed out. Which it isn't. Does anybody have the same experience?
You are are not wrong in the explanation. However, the first two questions use the verb "CAN". Based, on that, I want to ask you, what happens if I remove "USER1" from "GROUP1". Moreover, the Microsoft Defender for Cloud Apps Discovery license can be assigned to one USER. Obviously USER2 can not get any license because of the netted groups. Base on the above, I will go for: Yes-Yes-No.
question given you a scenario to work on it not can and doing your out of the box workaround!
you cant trust AI sources. They are not reliable sources of factual information
How can this have 41 upvotes?! Answers of generative AI, such as Chat GPT, are not reliable! It's called AI hallucination. Ask it a question to a difficult technical problem and the answer will most likely contain errors.
Check this out..amazing. https://www.youtube.com/watch?v=np-6s3N-1iQ&t=201s He shows it the way it is. NNN. The reason there is so much discussion, I think we're thinking of too many "if" scenarios. Yes, you can remove the premium license from User1 but ONLY by removing them from the Group1, which isn't mentioned. It means, AS IT STANDS with this configuration NOW, CAN you do this without additional steps? So #2; No. #1: YES, you can assign user 1 the MS defender license, but ONLY if you change the license config on Group1. So as it stands no, NO. https://youtu.be/np-6s3N-1iQ?t=201 #3: NO. "If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied" https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced
Thank you, you should be upvoted.
Like this explanation. Thanks
best explaination ever
This is very frustrating, why examtopics didnt added correct answers. For every question there is conflict answers in comment
because the answers are *free*
three of them NOOOO i tested already
The link of youtube isn't correctly. You need to trust what he is saying, but you can check it by yourself. Create your tenant for free as an azure developer. I've in my test tenant E5 for developerSo: I created an user named "test user" I created a group named "test license" i assigned this license (E5 developer) to the group named "test license" where i turned off Microsoft defender for cloud apps. I wait few minutes so then user appear to the license tab where services enable are 65 of 66 ( Microsoft defender for cloud apps is the only one turned off ). After that, i assign directly to the user the same license, with different service option ( i keep everything turned on ). The result show: User has 2 assignment, directly and inherited from test license. The service enabled are 66 of 66 ( so microsoft defender for cloud apps is correctly assigned ). My answer are Y N N
NNN is the answer!
1 - the option is greyed out.. you are unable to do it
Final Answer : YNN
N,N,N, Gracias nchebbi, porque estas preguntas están resueltas en el video, donde hicieron el laboratorio. https://youtu.be/np-6s3N-1iQ?t=201
1. All Microsoft Cloud services that require user-level licensing are supported. This support includes all Microsoft 365 products, Enterprise Mobility + Security, and Dynamics 365. 2. Group-based licensing is currently available through the Azure portal and through the Microsoft Admin center. 3. Microsoft Entra ID automatically manages license modifications that result from group membership changes. Typically, license modifications are effective within minutes of a membership change. A user can be a member of multiple groups with license policies specified. A user can also have some licenses that were directly assigned, outside of any groups. The resulting user state is a combination of all assigned product and service licenses. If a user is assigned same license from multiple sources, the license will be consumed only once.
As per this article https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced The Microsoft 365 admin center doesn't currently support group-based licensing. If a user inherits a license from a group, this license appears in the Office admin portal as a regular user license. If you try to modify that license or try to remove the license, the portal returns an error message. Inherited group licenses can't be modified directly on a user. So 2) No
what is the correct answer?
Yes No No
Yes No No
https://learn.microsoft.com/en-us/entra/identity/users/licensing-group-advanced - Group-based licensing currently doesn't support groups that contain other groups (nested groups). If you apply a license to a nested group, only the immediate first-level user members of the group have the licenses applied. - When a user inherits a license from a group, you can't directly remove or modify that license in the user's properties. You can change the license assignment only in the group and the changes are then propagated to all group members.
This question was in exam 15/01/24
It was in EXAM, thanks Examtopic.
I have exam in 3 days. Whats the correct ans please?