Azure AD Access Review Settings: Troubleshooting and Solutions

Troubleshooting Azure AD Access Review Settings

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that Admin1 can create access reviews in contoso.com.

Solution: You assign the Global administrator role to Admin1.

Does this meet the goal?

Answers

Explanations

A. B.

B

Instead use Azure AD Privileged Identity Management.

Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:

-> Conduct access reviews to ensure users still need roles

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

The given scenario describes a situation where an Azure AD user named Admin1 is unable to create access reviews from the Azure Active Directory admin center. However, Admin1 can access all other Identity Governance settings. The user has been assigned the User administrator, Compliance administrator, and Security administrator roles, and the objective is to ensure that Admin1 can create access reviews in the contoso.com tenant.

The proposed solution is to assign the Global administrator role to Admin1 to grant them access to the required settings.

The solution would meet the goal of enabling Admin1 to create access reviews, as the Global administrator role is the highest privileged role in Azure AD and grants access to all settings and features, including the Access reviews settings. However, it should be noted that granting the Global administrator role to a user should be carefully considered, as it confers broad and potentially unrestricted access to the entire Azure AD tenant.

In this scenario, if granting the Global administrator role to Admin1 is deemed necessary to achieve the goal, it should be done in accordance with the principle of least privilege and with consideration of the associated security risks.

Therefore, the correct answer is: A. Yes