Can Admin1 Create Access Reviews in Azure AD? - Solution and Explanation
Question
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You consent to Azure AD Privileged Identity Management (PIM).
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.A
PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
-> Conduct access reviews to ensure users still need roles
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services like Office 365 or Microsoft
Intune.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureThe proposed solution of consenting to Azure AD Privileged Identity Management (PIM) does not directly address the issue of the Access reviews settings being unavailable to Admin1. Therefore, the solution does not meet the goal of enabling Admin1 to create access reviews in contoso.com.
Azure AD Privileged Identity Management (PIM) is a solution for managing and controlling access to privileged roles in Azure AD. It provides temporary access to privileged roles for users, requires approval workflows, and provides auditing and monitoring capabilities. However, it does not directly relate to the issue of enabling Admin1 to create access reviews in Azure AD.
To address the issue, we need to investigate why the Access reviews settings are unavailable to Admin1. It is possible that Admin1's permissions or licenses are not configured correctly. It is also possible that there is a technical issue with the Azure AD admin center that is preventing access reviews from being created.
To troubleshoot the issue, we can try the following steps:
- Check that Admin1 has the necessary licenses to use the Access reviews feature.
- Ensure that Admin1 has the correct permissions to access the Access reviews feature. This can be done by adding the "Azure AD Privileged Identity Management Administrator" role to Admin1's role assignments.
- Check if there are any issues with the Azure AD admin center. This can be done by checking the Azure status page or contacting Azure support.
In summary, the proposed solution of consenting to Azure AD Privileged Identity Management (PIM) does not meet the goal of enabling Admin1 to create access reviews in contoso.com. Further investigation is needed to identify and resolve the issue.
