Designing Azure Active Directory Group Membership Evaluation Solution | AZ-305 Exam

Azure Active Directory Group Membership Evaluation Solution

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

- The evaluation must be repeated automatically every three months.
- Every member must be able to report whether they need to be in Group1.
- Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
- Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

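Answers

A. Implement Azure AD Identity Protection.
B. Change the Membership type of Group1 to Dynamic User.
C. Create an access review.
D. Implement Azure AD Privileged Identity Management (PIM).

Explanations

Correct answer: C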

Have reviews recur periodically: You can set up recurring access reviews of users at set frequencies such as weekly, monthly, quarterly or annually, and the reviewers will be notified at the start of each review. Reviewers can approve or deny access with a friendly interface and with the help of smart recommendations.

https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview#learn-about-access-reviews

Based on the requirements outlined in the question, the recommended solution must perform the following:

  1. Evaluate the membership of Group1 every three months automatically.
  2. Allow members of Group1 to report whether they need to be in the group.
  3. Automatically remove users who report that they do not need to be in Group1.
  4. Automatically remove users who do not report whether they need to be in Group1.

Of the four options provided, the most appropriate recommendation for this scenario is to create an access review, which is option C.

Access reviews are a feature in Azure AD that allows administrators to review and manage group memberships for users in their organization. An access review allows you to periodically review the membership of a group and verify whether members still require access. Access reviews can be performed on a schedule, which makes them suitable for the requirement to evaluate Group1 membership every three months.

Access reviews can be configured with different types of reviewers, including group owners, group members, or external reviewers. In this scenario, every member of Group1 should be able to report whether they need to be in the group, which can be accomplished by configuring Group1 members as reviewers in the access review. This meets the requirement for members to be able to report on their own membership status.

When an access review is performed, members of Group1 will be asked to verify their need to remain in the group. Users who report that they no longer require access to Group1 will be removed from the group automatically, which meets the requirement to remove users who report that they do not need to be in the group. Users who do not respond to the access review will also be removed from the group, which meets the requirement to remove users who do not report on their membership status.

Option A, Implement Azure AD Identity Protection, is not relevant to this scenario. Azure AD Identity Protection is a feature that allows administrators to configure policies that detect and prevent suspicious activities in their organization.

Option B, Change the Membership type of Group1 to Dynamic User, is not suitable for this scenario because it would allow users to join the group automatically based on specific criteria. This does not meet the requirement to periodically review and manage group memberships.

Option D, Implement Azure AD Privileged Identity Management (PIM), is also not relevant to this scenario. Azure AD PIM is a feature that allows administrators to manage and monitor privileged access to resources in their organization. It does not provide functionality for managing group memberships.
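The access review described above can be expressed as a Microsoft Graph access review schedule definition. The following is an added example, not part of the original page: it builds a request body for a quarterly self-review of Group1 and checks any definition against the question's four requirements. The group object ID, start date and function names are assumptions.

```python
# Added example. Field names follow the Microsoft Graph
# accessReviewScheduleDefinition schema; GROUP1_ID is a placeholder and the
# function names are hypothetical.
GROUP1_ID = "00000000-0000-0000-0000-000000000000"  # placeholder object ID


def build_group1_review(group_id: str, start_date: str) -> dict:
    """Request body for POST /identityGovernance/accessReviews/definitions."""
    return {
        "displayName": "Group1 quarterly self-review",
        "scope": {
            "@odata.type": "#microsoft.graph.accessReviewQueryScope",
            "query": f"/groups/{group_id}/transitiveMembers",
            "queryType": "MicrosoftGraph",
        },
        "reviewers": [],  # empty list: each member reviews their own access
        "settings": {
            "instanceDurationInDays": 14,        # constructed review window
            "autoApplyDecisionsEnabled": True,   # apply results when the review ends
            "defaultDecisionEnabled": True,      # record a decision for non-responders
            "defaultDecision": "Deny",           # non-responders lose membership
            "recurrence": {
                "pattern": {"type": "absoluteMonthly", "interval": 3},
                "range": {"type": "noEnd", "startDate": start_date},
            },
        },
    }


def unmet_requirements(definition: dict) -> list:
    """Return which of the question's requirements a definition misses."""
    s = definition.get("settings", {})
    pattern = s.get("recurrence", {}).get("pattern", {})
    gaps = []
    if (pattern.get("type"), pattern.get("interval")) != ("absoluteMonthly", 3):
        gaps.append("not repeated every three months")
    if definition.get("reviewers"):
        gaps.append("members do not review their own access")
    if not s.get("autoApplyDecisionsEnabled"):
        gaps.append("decisions are not applied automatically")
    if not (s.get("defaultDecisionEnabled") and s.get("defaultDecision") == "Deny"):
        gaps.append("non-responders are not denied by default")
    return gaps
```

Automatic removal depends on both settings together: the default decision only records a denial for non-responders, and auto-apply is what removes denied members from the group when the review instance ends.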