You have an Azure subscription that uses Azure AD Privileged Identity Management (PIM).
A user named User1 is eligible for the Billing administrator role.
You need to ensure that the role can only be used for a maximum of two hours.
What should you do?
To ensure that a role can only be used for a maximum of two hours, you need to edit the role activation settings. This involves configuring the maximum duration that the role can be active once it is activated by the user. Editing the role assignment settings or creating an access review would not be directly related to limiting the duration of the role's usage once it is activated. Hence, the correct action is to modify the role activation settings to set the maximum activation duration to two hours.
D. Role activation settings https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings
Correct
Considering the original judgment presented in the question, letter D (Edit function activation settings) would be the most pertinent choice, since the other options would not directly apply to the function's time limitation. However, it is important to note that the actual configuration of time limitations for privileged roles must be performed through Azure AD Privileged Identity Management (PIM) policies to ensure secure use and required compliance of privileged roles. Therefore, although D may be the most detailed option based on the logic of the question, the specific configuration of the time limitation must be performed in PIM.
To ensure that the Billing administrator role can only be used for a maximum of two hours, you need to edit the role activation settings. To do this, follow these steps: 1. Sign in to the Azure portal. 2. Go to Azure Active Directory > Privileged Identity Management. 3. Click Roles > Role settings. 4. Select the Billing administrator role. 5. Under Activation maximum duration, set the maximum duration to 2 hours. 6. Click Save. Once you have edited the role activation settings, User1 will be able to activate the Billing administrator role for a maximum of two hours at a time. After two hours, the role assignment will automatically expire. Reference Configure Microsoft Entra role settings in Privileged Identity Management https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings
Double DD
In exam 1/28/24
Role Activation settings https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings#role-settings
The user is eligible for the role, this means that he will request the role (it's an activation process). Assignment is when an admin manually assign a role to someone.
D. - Similar as xcapell https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settingshttps://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings
Answer is correct!
D is the answer
So stupid these questions. You have to indeed actually edit the Role>Assignment>Settings. But once there the duration changes are under Activation>Settings I have no idea which one MS wants selected here.
So often such questions have more than one answer. Look out for those. If you select only one you will lose points.
THE ACTIVATION TAB WITHIN THE PIM ROLE SETTINGS. ASSIGNMENT SPECIFIES WHEN THE ROLE ITSELF EXPIRES AND WHO IS ASSIGNED TO IT.
B. Edit the role assignment settings.
D. Edit the role activation settings.
Tested. you can Edit either from Role->Choose the role (Billing Administrator in this case)->Role Settings->Edit and then under Activation you setup Activation maximum duration or if you want Azure AD Privileged Identity Management -> Azure AD Roles -> Roles Under Manage you choose Assignments (if the role has already been assigned at least once) you click Settings-> Edit and then under Activation you setup Activation maximum duration if the role has not been assigned to someone under Manage you click Settings, you choose the role and then Edit under Activation you setup Activation maximum duration