Enable Admin1 to Create Access Reviews in Azure AD (AZ-303) - Microsoft Exam Solution
Question
Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You consent to Azure AD Privileged Identity Management (PIM).
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.A
PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
-> Conduct access reviews to ensure users still need roles
Note: Azure Active Directory (Azure AD) Privileged Identity Management (PIM) is a service that enables you to manage, control, and monitor access to important resources in your organization. This includes access to resources in Azure AD, Azure resources, and other Microsoft Online Services like Office 365 or Microsoft
Intune.
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureThe solution provided in the question, i.e., consenting to Azure AD Privileged Identity Management (PIM), is not directly related to enabling access reviews in the Azure AD admin center. Therefore, the solution does not meet the stated goal.
Azure AD Privileged Identity Management (PIM) is a service that enables organizations to manage, control, and monitor access to Azure resources within their organization. PIM allows organizations to manage administrative access to resources by requiring users to request privileged access through PIM, which then grants time-bound access to the requested resources.
However, PIM does not directly enable access reviews in the Azure AD admin center. Access reviews are a feature of Azure AD Identity Governance that enables organizations to review and manage access to resources, groups, and applications within their organization.
To enable access reviews for Admin1 in the Azure AD admin center, you need to assign the user the appropriate Azure AD roles. In this case, the Global administrator or the Privileged role administrator role is required to enable access reviews.
Therefore, the correct solution to meet the stated goal is to assign the Admin1 the Global administrator or Privileged role administrator role in the Azure AD tenant.
In conclusion, the solution provided in the question, i.e., consenting to Azure AD Privileged Identity Management (PIM), does not meet the goal of enabling Admin1 to create access reviews in the Azure AD admin center. The correct solution is to assign the user the Global administrator or the Privileged role administrator role in the Azure AD tenant.
