Exam AZ-500
Question 134

You have an Azure subscription that contains a resource group named RG1 and the identities shown in the following table.

You assign Group4 the Contributor role for RG1.

Which identities can you add to Group4 as members?

    Correct Answer: A

    Group nesting is not supported for groups that are role-assignable in Azure Active Directory. Since Group4 has been assigned a role and is role-assignable, it cannot have other groups added as members. Therefore, only individual users like User1 can be added as members of Group4.

Discussion
OrangeSG Option: A

This exam question tests the role-assignable group feature in Azure Active Directory. Refer to the Microsoft documentation on role-assignable groups: “Group nesting is not supported. A group can't be added as a member of a role-assignable group.” References: Create a role-assignable group in Azure Active Directory, https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-create-eligible; Use Azure AD groups to manage role assignments, https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept

basak

If there are 2 security groups, for example, group parent has the app developer role assigned and group child has no role assigned, then in this case you can't add child as a member of parent. Since child has no role assigned, you can add group parent inside group child.

km_2022 Option: A

Answer is A. Group nesting isn't supported. A group can't be added as a member of a role-assignable group. https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept

Obama_boy Option: D

The correct answer is: D. User1, Group2, and Group3 only. Reasoning: User1 is an individual user and can be added to security groups without restrictions. Group2 is a security group, and security groups can be nested within other security groups in Azure AD. Group3 is also a security group and can be nested as well. Group1 is a Microsoft 365 group which cannot be nested within other security groups, hence it cannot be added to Group4. Azure AD roles assigned to the group are irrelevant in the context of which members can be added to Group4. The key factor is whether the type of identity (user or group) can be nested within another group.

Feraso Option: B

Answer is B. Group 3's option is Yes for "AAD role can be assigned to the group". Group 4 also has this option set to Yes. Hence, when you go to Group4 and try to add the groups, you will be able to add the groups that have the option set to Yes. Group1 is an M365 group, which is not supported. Group2 has the option set to No, hence it won't be available.

Feraso Option: B

Answer is B, I just tested it in my lab. Only User1 and Group3 were available to be added.

bxlin Option: D

Only User1 and Group2 can be added to Group4. Note: Nesting is currently not supported for groups that can be assigned to a role. Hence not Group 1 and 3.

JaridB

That is correct, but unfortunately that is not an option. Role-assignable groups cannot be nested within other role-assignable groups. This means you cannot add a role-assignable Microsoft 365 group to another role-assignable group. Suppose you have two role-assignable groups: Group A and Group B. Group A cannot be added as a member of Group B if both are role-assignable.

Nava702 Option: A

A. User 1 only. Group nesting isn't supported. A group can't be added as a member of a role-assignable group. https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-concept

Mnguyen0503 Option: A

Tested in lab. When trying to add a Security group with Azure AD roles assigned, I got this error: "Failed to add group member. Nesting is currently not supported for groups that can be assigned to a role." Those that claimed to have tested in lab, you might want to test twice before posting ...

wardy1983

This exam question tests the role-assignable group feature in Azure Active Directory. Refer to the Microsoft documentation on role-assignable groups: “Group nesting is not supported. A group can't be added as a member of a role-assignable group.”

STC007 Option: B

The answer is B. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-service-limits-restrictions "At this time, the following scenarios are supported with nested groups: One group can be added as a member of another group, and you can achieve group nesting. Group membership claims. When an app is configured to receive group membership claims in the token, nested groups in which the signed-in user is a member are included. Conditional access (when a conditional access policy has a group scope). Restricting access to self-serve password reset. Restricting which users can do Azure AD Join and device registration. The following scenarios are not supported with nested groups: App role assignment, for both access and provisioning. Assigning groups to an app is supported, but any groups nested within the directly assigned group won't have access. Group-based licensing (assigning a license automatically to all members of a group). Microsoft 365 Groups."

Jimmy500 Option: A

First, we cannot add a Microsoft 365 group into a security group, so we can skip Group1. Nesting is not supported for role-assignable groups, which means that if a group is role-assignable, we cannot add any group there, so we need to skip the other groups as well. We can only keep User1.

Jarid Option: B

The question asks which identities can be added to Group4 as members. The table shows the following information about the relevant groups: Group1: Microsoft 365 group - Azure AD roles can be assigned to the group. This means Group1 itself can be assigned roles, but users cannot be directly added to it. Group2: Security group - No - Azure AD roles cannot be assigned to this group, and users cannot be directly added to it. Group3: Security group - Yes - Azure AD roles can be assigned to this group, and users can be added as members. Group4: Security group - Yes - Azure AD roles can be assigned to this group, and users can be added as members. Since Group1 and Group2 cannot have users added directly as members, they are not valid options. User1 and Group3 can be added to Group4 because they are both security groups that allow adding members.

NICKTON81 Option: B

B is okay; https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/groups-assign-role?tabs=ms-powershell

hfk2020 Option: E

Contributor is an RBAC role. If it was an Azure AD role, then nested groups are not allowed.

hfk2020 Option: D

User1, Group2, Group3 only. M365 cannot be nested.

hfk2020

Tested in the Lab

flafernan Option: E

The question was: "What identities can you add to Group4 as members?" At no point is there any talk of assigning inherited functions between groups. Therefore, the answer is the letter: E. User1, Group1, Group2 and Group3.

wardy1983 Option: A

Answer: A. Explanation: This exam question tests the role-assignable group feature in Azure Active Directory. Refer to the Microsoft documentation on role-assignable groups: “Group nesting is not supported. A group can't be added as a member of a role-assignable group.” References: Create a role-assignable group in Azure Active Directory, https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-create-eligible; Use Azure AD groups to manage role assignments, https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept