You have 15 Azure subscriptions. You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You plan to purchase addition...
Microsoft AZ-104 Exam
Questions Number: 95 out of 549 Questions
17.30%
Question 95
You have 15 Azure subscriptions. You have an Azure Active Directory (Azure AD) tenant that contains a security group named Group1. You plan to purchase additional Azure subscription. You need to ensure that Group1 can manage role assignments for the existing subscriptions and the planned subscriptions. The solution must meet the following requirements: - Use the principle of least privilege. - Minimize administrative effort. What should you do?
The User Access Administrator role enables the user to grant other users access to Azure resources. This switch can be helpful to regain access to a subscription. Management groups give you enterprise-grade management at scale no matter what type of subscriptions you might have. Each directory is given a single top-level management group called the "Root" management group. This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. Incorrect: Not C: A few directories that started using management groups early in the preview before June 25 2018 could see an issue where not all the subscriptions were within the hierarchy. The process to have all subscriptions in the hierarchy was put in place after a role or policy assignment was done on the root management group in the directory. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/rbac-and-directory-admin-roles https://docs.microsoft.com/en-us/azure/governance/management-groups/overview
