Managing Azure AD Group Membership: Automated Evaluation and Removal

Evaluate and Manage Azure AD Group Membership for Group1

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

-> The evaluation must be repeated automatically every three months.

-> Every member must be able to report whether they need to be in Group1.

-> Users who report that they do not need to be in Group1 must be removed from Group1 automatically.

-> Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

Answers

Explanations


A

In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users.

When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed.

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership

To meet the requirements stated in the question, you should recommend creating an Access Review for Group1 in Azure AD.

Access Review is a feature of Azure AD that enables you to review and manage group membership for your organization's users. With Access Review, you can periodically review membership for a group, and request feedback from members about whether they still require access to the resources provided by the group. You can then use the feedback to make decisions about removing users from the group.

In this scenario, you need to evaluate the membership of Group1 every three months. You can set up an Access Review for Group1 with a recurring schedule of three months. When the review is due, Azure AD will send notifications to all members of Group1, requesting feedback on whether they still require access to the resources provided by the group.

In addition, you need to ensure that users who report that they do not need to be in Group1 are automatically removed from the group. Access Review allows you to set up automatic removal of users who have reported that they no longer require access. You can also set a deadline for users to respond to the review. Users who do not respond before the deadline can also be automatically removed from the group.
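As an added illustration, not part of the original question or of Microsoft's own documentation, the settings described above can be expressed as a Microsoft Graph accessReviewScheduleDefinition request body, with a small check that maps each of the four requirements to the setting that satisfies it. The group ID is a placeholder, and treating an empty reviewers collection as "members review their own access" is an assumption to confirm against the Graph reference before use.

```python
import json

GROUP1_ID = "00000000-0000-0000-0000-000000000000"  # placeholder object ID for Group1


def build_group1_access_review(group_id: str, start_date: str) -> dict:
    """Build the schedule definition body the explanation describes.

    Assumption: an empty 'reviewers' collection is read as a self-review, i.e.
    every member reports on their own membership.
    """
    return {
        "displayName": "Group1 quarterly membership review",
        "descriptionForAdmins": "Members confirm whether they still need Group1.",
        "scope": {
            "query": f"/groups/{group_id}/transitiveMembers",  # all 50 members, guests included
            "queryType": "MicrosoftGraph",
        },
        "reviewers": [],  # assumption: empty collection -> self-review
        "settings": {
            "mailNotificationsEnabled": True,       # members are notified when the review opens
            "reminderNotificationsEnabled": True,
            "instanceDurationInDays": 14,           # response deadline for each occurrence
            "autoApplyDecisionsEnabled": True,      # results applied without admin action
            "defaultDecisionEnabled": True,         # decide on behalf of non-responders
            "defaultDecision": "Deny",              # non-responders lose membership
            "recurrence": {
                "pattern": {"type": "absoluteMonthly", "interval": 3, "dayOfMonth": 1},
                "range": {"type": "noEnd", "startDate": start_date},
            },
        },
    }


def check_requirements(definition: dict) -> dict:
    """Return, per requirement from the question, whether the body satisfies it."""
    s = definition["settings"]
    pattern, rng = s["recurrence"]["pattern"], s["recurrence"]["range"]
    auto_apply = s["autoApplyDecisionsEnabled"]
    return {
        "repeats_every_three_months": pattern["type"] == "absoluteMonthly"
        and pattern["interval"] == 3 and rng["type"] == "noEnd",
        "members_self_report": definition["reviewers"] == [] and s["mailNotificationsEnabled"],
        "deny_responses_removed": auto_apply,
        "non_responders_removed": auto_apply and s["defaultDecisionEnabled"]
        and s["defaultDecision"] == "Deny",
    }


if __name__ == "__main__":
    body = build_group1_access_review(GROUP1_ID, "2024-01-01")
    print(json.dumps(body, indent=2))
    print(check_requirements(body))
```

Turning off either autoApplyDecisionsEnabled or the default decision breaks the last two requirements, which the check makes visible.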

Option A is incorrect because changing the Membership type of Group1 to Dynamic User will not meet the requirements of the question. Dynamic User is a type of group membership that is based on a user's attributes or roles. It is not suitable for evaluating membership based on feedback from users.

Option B, implementing Azure AD Privileged Identity Management, is also incorrect because it is not relevant to the requirements of the question. Privileged Identity Management is a feature that enables you to manage access to resources that require elevated permissions. It is not relevant to evaluating the membership of a security group.

Option C, implementing Azure AD Identity Protection, is also incorrect because it is not relevant to the requirements of the question. Azure AD Identity Protection is a feature that helps you identify and respond to identity-based risks in your organization. It is not relevant to evaluating the membership of a security group.

In summary, to meet the requirements stated in the question, you should recommend creating an Access Review for Group1 in Azure AD with a recurring schedule of three months, configured to automatically remove both users who report that they no longer require access and users who do not respond before the deadline.