AZ-500 · Question #265
AZ-500 Question #265: Real Exam Question with Answer & Explanation
This question tests understanding of Azure AD self-service application access, group ownership, and how users are added to applications via self-service approval workflows.
Question
Hotspot Question You have an Azure Active Directory (Azure AD) tenant that contains the resources shown in the following table. User2 is the owner of Group2. The user and group settings for App1 are configured as shown in the following exhibit. You enable self-service application access for App1 as shown in the following exhibit. User3 is configured to approve access to Appl. You need to identify the owners of Group2 and the users of Appl. What should you identify? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. Answer:
Options
- __typehotspot
- variantdropdown
Explanation
This question tests understanding of Azure AD self-service application access, group ownership, and how users are added to applications via self-service approval workflows.
Approach. For the owners of Group2: When self-service application access is enabled and a group is designated as the assignment group for the application, the owner of that group (User2) becomes responsible for approving or managing membership. However, since User3 is configured as the approver for App1 access requests, User3 also becomes an owner/approver context. The owners of Group2 remain User2 (the original owner), and when self-service is enabled with Group2 as the assigned group, User2 stays as owner - no automatic addition of other owners occurs unless explicitly configured. For the users of App1: When self-service application access is enabled, users who request access and are approved get added to the assigned group (Group2), which grants them access to App1. User1 (already assigned), plus any users who request and receive approval will be users of App1. Based on typical exam scenario configurations where User1 is pre-assigned and the self-service configuration adds approved requesters to Group2, the users of App1 would include User1 and any self-service approved users added to Group2.
Concept tested. Azure AD self-service application access configuration, including how approval workflows work, how group ownership relates to application assignment groups, and which users gain access to an application through self-service vs. direct assignment.
Reference. https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/manage-self-service-access
Topics
Community Discussion
No community discussion yet for this question.