Exam AZ-500
Question 124

HOTSPOT

You have an Azure subscription that contains the resources shown in the following table.

You perform the following tasks:

• Create a managed identity named Managed1.

• Create a Microsoft 365 group named Group1.

• Register an enterprise application named App1.

• Enable a system-assigned managed identity for VM1.

You need to identify which service principals were created and which identities can be assigned the Reader role for RG1.

What should you identify? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Correct Answer:

Discussion
undecided

Tested in the Portal; second answer looks to be incorrect.
Service Principals: Managed1, VM1, and App1 only
Identities: Managed1, VM1, App1, and Group1

AzureJobsTillRetire

I agree that Group1 can. I tested in lab as well. I created a Microsoft 365 group and I found that it appears in the select member list. I'm not too sure about App1 service principal though. I registered an app and its service principal does not show up in the select member list. I might have done my lab wrong though. But I will choose undecided's answer when I go to exam.

AzureJobsTillRetire

Anyway, there is not an option for Managed1, VM1 and Group1 only for box 2, hence the answer for the second box must be all.

zellck

1. Managed1, VM1 and App1 only
2. Managed1, VM1, App1 and Group1

https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object

There are three types of service principal:
- Application - The type of service principal is the local representation, or application instance, of a global application object in a single tenant or directory.
- Managed identity - This type of service principal is used to represent a managed identity. Managed identities eliminate the need for developers to manage credentials. Managed identities provide an identity for applications to use when connecting to resources that support Azure AD authentication.
- Legacy - This type of service principal represents a legacy app, which is an app created before app registrations were introduced or an app created through legacy experiences.

zellck

https://learn.microsoft.com/en-us/azure/active-directory/roles/groups-concept#how-role-assignments-to-groups-work

To assign a role to a group, you must create a new security or Microsoft 365 group with the isAssignableToRole property set to true. In the Azure portal, you set the Azure AD roles can be assigned to the group option to Yes. Either way, you can then assign one or more Azure AD roles to the group in the same way as you assign roles to users.

majstor86

Service Principals: Managed1, VM1, and App1 only
Identities: Managed1, VM1, App1, and Group1

Service principals: https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-obje
Identity: https://devblogs.microsoft.com/devops/demystifying-service-principals-managed-identities/

nox2447

Pretty sure it is:
Service Principals: App1 only
Identities: Managed1, VM1

Identities and Service Principal are not the same. Imo this question tests whether you know that SP is created during App creation and how they differ from managed identities.

mskott

Managed identity and service principal are two different types of 'identities'. It should be:
Service Principal: App1 only
Identities: Managed1 (user assigned identity), VM1 (which has system assigned identity), App1 (service principal) only

AzureJobsTillRetire

There are three types of service principal:
- Application
- Managed identity
- Legacy

https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object

Ajdlfasudfo0

answer seems to be correct; https://stackoverflow.com/questions/47762262/add-aad-application-as-a-member-of-a-security-group

tweleve

in exam 13 Oct

sofieejo

In exam 29/01/2023 + many questions about Microsoft Sentinel

[Removed]

Currently, when you select members for an RG, there is a radio button for either "User, group, or service principal" or "Managed identity" that determines how the view is filtered. You are allowed to add a mix of both.

Jimmy500

Look guys, do not reply please here until you do not know question. In the first question it asks which service principal creating; keep in mind this will happen when we will create app registration. So the first one will be App1 only. For the second one it asks which identity can be asked as a reader role. Group1 can not as it is MS365 group, but we can assign it for Managed identity, Service Principal and VM1 as it has system assigned managed identity.
Answer:
App1 only
Managed1, VM1, App1 only

Jimmy500

I am so sorry guys, my first answer is wrong, let me correct my mistake. When we create managed identity, does not matter system or user assigned, we can see the service principal for them in the Entra ID; if search with the id of managed identity we will see that. Also when we register application we also will see on service principal under enterprise applications. In the first box, besides Group creation, we will see principal creation in other 3 cases, which means given answer for the first box is correct. For the second box we should choose all of them as we can also assign role to Microsoft 365 groups as well; we can not assign role to the nested groups, please keep this in your mind as well for the other question. Once again sorry for my first answer.

NICKTON81

Service Principals: Managed1, VM1, and App1 only
Identities: Managed1, VM1, and App1 only
PS: You can't assign Reader role for RG1 using MS365 groups.

wardy1983

Explanation:
Service Principals: Managed1, VM1, and App1 only
Identities: Managed1, VM1, App1, and Group1

flafernan

SERVICE PRINCIPALS: Managed1, VM1 and App1 only
IDENTITIES (Identities): Managed1 and VM1 only

Explanation: Managed1 is a managed identity that you created. VM1, when having a managed identity enabled, also generates a Service Principal to represent a VM in Azure AD. App1, being a registered enterprise application, is associated with a Service Principal. Microsoft 365 Group1 does not generate Service Principal and is not directly related to this configuration. Only Managed1, VM1 and App1 have Service Principals associated with them. Although Managed1 and VM1 have managed identities, Group1 does not fall into the Service Principals or Identities categories in this context.

TheProfessor

When you go to assign role, you have to select either 1) user, group or service principal or 2) Managed Identity.
So Identities: Managed1, VM1, App1, and Group1