HOTSPOT
-
You have a Microsoft 365 subscription that contains the administrative units shown in the following table.
The groups contain the members shown in the following table.
The users are assigned the roles shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
N - user1 is not a direct member of AU1 N - user 4 is not a member of AU1 Y - user 3 is a license admin for the Org. Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group https://learn.microsoft.com/en-us/azure/active-directory/roles/administrative-units#groups
Is correct. Adding a group to an administrative unit brings the group itself into the management scope of the administrative unit, but not the members of the group. In other words, an administrator scoped to the administrative unit can manage properties of the group, such as group name or membership, but they cannot manage properties of the users or devices within that group.
I confirm NNY, Nested group aren't supported from Administrative Unit!
Answer is correct by Copilot: 1. Yes, User 2 can reset the password of User1. User 2 is a Password Administrator and has scope over AU1, which includes User1 as it’s a member of Group1 in AU1. 2. No, User 2 cannot reset the password of User4. Although User 2 is a Password Administrator, User4 is not under the scope of User2 (AU1). 3. Yes, User 3 can assign licenses to User1. User 3 is a License Administrator and has an organization-wide scope, which includes all users.
When you add a group to an AU, the AU actions only apply to group but not it's members. So NNY
Y - user1 is member of group1, so member of AU1. since au1 is no group itself, there is no nested group, so this works. N - User 4 is not a member of AU1 Y: user3 can assign licenses to the entire organisation