MS-102 · Question #46
MS-102 Question #46: Real Exam Question with Answer & Explanation
The correct answer is D: Azure AD Privileged Identity Management (PIM). To provide User1 with time-bound administrative access requiring approval for managing Exchange Online and creating Microsoft 365 groups, Azure AD Privileged Identity Management (PIM) is the correct tool.
Question
You have a Microsoft 365 subscription that contains a user named User1. User1 requires admin access to perform the following tasks: - Manage Microsoft Exchange Online settings. - Create Microsoft 365 groups. You need to ensure that User1 only has admin access for eight hours and requires approval before the role assignment takes place. What should you use?
Options
- AAzure AD Identity Protection
- BMicrosoft Entra Verified ID
- CConditional Access
- DAzure AD Privileged Identity Management (PIM)
Explanation
To provide User1 with time-bound administrative access requiring approval for managing Exchange Online and creating Microsoft 365 groups, Azure AD Privileged Identity Management (PIM) is the correct tool.
Common mistakes.
- A. Azure AD Identity Protection focuses on detecting and remediating identity-based risks, such as compromised accounts, not on managing time-bound access or approval workflows for administrative roles.
- C. Conditional Access policies control access to resources based on conditions (e.g., location, device compliance) but do not provide just-in-time role activation with approval workflows for administrative roles.
- B. Microsoft Entra Verified ID is a decentralized identity solution for verifiable credentials and does not relate to managing time-bound administrative access or approval workflows within an organization's Azure AD tenant.
Concept tested. Azure AD Privileged Identity Management (PIM)
Topics
Community Discussion
No community discussion yet for this question.