Assigning Roles in Azure AD for Least Privilege Principle | Exam SC-300 Microsoft Identity and Access Administrator

Assigning Roles to Admin1 for Registering App1 in Azure AD | Exam SC-300

Question

You have an Azure Active Directory (Azure AD) tenant.

For the tenant, the "Users can register applications" setting is set to No.

A user named Admin1 must deploy a new cloud app named App1.

You need to ensure that Admin1 can register App1 in Azure AD.

The solution must use the principle of least privilege.

Which role should you assign to Admin1?

Answers

Explanations


B.

https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles

The correct answer to this question is B. Application developer in Azure AD.

Explanation: The scenario states that "Users can register applications" is set to No in the Azure AD tenant. This means that, by default, ordinary users are not allowed to create application registrations. However, Admin1 needs to register a new cloud app named App1 in the tenant.

To allow Admin1 to register App1 in Azure AD, we need to grant the appropriate role with the least privilege. The role should provide only the necessary permissions required to register the app and nothing more.

Of the options given, Managed Application Contributor for Subscription1 and App Configuration Data Owner for Subscription1 are Azure RBAC roles scoped to a subscription. They grant access to Azure resources, not to the Azure AD directory, and have nothing to do with registering apps in Azure AD. Therefore, they are not the correct roles to assign to Admin1.

Cloud application administrator in Azure AD is a directory role that allows the user to manage all aspects of enterprise applications and application registrations in the tenant. That is far more than the specific task of registering a single new app requires, so it is not the best option in terms of least privilege.

The best option is to assign the role of Application developer in Azure AD to Admin1. This role allows the user to create application registrations even when "Users can register applications" is set to No, and the user becomes an owner of the apps they create. It grants only the permissions needed to register and manage the app, and nothing more. Therefore, this is the correct role to assign to Admin1 in this scenario.

In conclusion, the correct answer is B. Application developer in Azure AD, as it provides the least privilege required to register a new app in Azure AD.
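The assignment described above, as an added example that is not part of the original question or of Microsoft's documentation. It uses the Microsoft Graph PowerShell SDK and assumes an account holding RoleManagement.ReadWrite.Directory; the UPN admin1@contoso.com is a placeholder. The role definition is resolved by display name so no role template ID is hard-coded.

```powershell
# Added example: assign the least-privileged directory role (Application Developer)
# to Admin1 and verify the result. Assumes the Microsoft.Graph modules are installed.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory", "User.Read.All"

# Placeholder UPN: replace with the real Admin1 account in your tenant.
$admin1 = Get-MgUser -Filter "userPrincipalName eq 'admin1@contoso.com'"
if (-not $admin1) { throw "Admin1 not found" }

# Look up the built-in role by name rather than by template ID.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Application Developer'"
if (-not $role) { throw "Application Developer role definition not found" }

# Directory scope "/" = whole tenant; Application Developer only permits creating
# app registrations (overriding 'Users can register applications = No'), unlike
# Cloud Application Administrator, which can manage every enterprise application.
New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $admin1.Id `
    -RoleDefinitionId $role.Id -DirectoryScopeId "/"

# Least-privilege check: list every directory role currently held by Admin1 so an
# unexpectedly broad role (e.g. Cloud Application Administrator) is visible.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($admin1.Id)'" |
    ForEach-Object {
        (Get-MgRoleManagementDirectoryRoleDefinition -UnifiedRoleDefinitionId $_.RoleDefinitionId).DisplayName
    }
```

The final listing should show only "Application Developer" for Admin1; any additional directory role is a candidate for removal under the least-privilege requirement.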