SC-300 Question #202: Real Exam Question with Answer & Explanation

Submitted by carter_n· Mar 6, 2026Manage Azure Active Directory identities - specifically understanding group types (Security vs Microsoft 365), membership types (Assigned vs Dynamic), and which identity types (users, managed identities, service principals) can be added to each group type. This aligns with the AZ-104 or SC-300 domain covering identity and access management in Azure AD.

Question

Hotspot Question You have an Azure AD tenant that contains the groups shown in the following exhibit. Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point. Answer:

Explanation

A managed identity can only be added to security groups, not Microsoft 365 groups or dynamic groups. Group2 is the only security group with assigned membership, making it the only group that accepts managed identities. Azure AD cloud users can be added to security groups with assigned membership (Group2), Microsoft 365 groups (Group1), and the 'All Company' dynamic group supports user membership - however, dynamic groups automatically assign members based on rules, so users cannot be manually added to dynamic groups; All Company, Group1, and Group2 represent the groups where a cloud user can be a member either automatically or manually based on the group types shown.

Topics

#Azure AD Groups#Managed Identities#Security Groups#Microsoft 365 Groups

Community Discussion

No community discussion yet for this question.

Full SC-300 Practice Browse All SC-300 Questions