You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
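A. Identity Secure Score in Azure Security Center
B. Access reviews in Identity Governance
C. User risk policy in Azure AD Identity Protection
D. Role assignments in Azure AD Privileged Identity Management
Correct answer: B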
Azure Active Directory (Azure AD) access reviews enable organizations to efficiently manage group memberships, access to enterprise applications, and role assignments. Users' access can be reviewed on a regular basis to make sure only the right people have continued access.
https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview
The correct answer to implement the given security policy is B. Access reviews in Identity Governance.
Explanation: Access reviews in Identity Governance is a feature in Azure Active Directory (Azure AD) that enables administrators to review and approve or revoke access to Azure resources. It allows you to create a recurring access review to validate if the access granted to users or groups is still needed or if the access should be removed. In this scenario, the security administrator can create an access review for the Owner role for each subscription and resource group. The access review can be set to run monthly, and the security administrator will be prompted to review and approve or revoke access.
Identity Secure Score in Azure Security Center (A) provides an assessment of your identity security posture and recommendations to improve security. While it can help improve security, it does not have a specific feature to implement the given security policy.
User risk policy in Azure AD Identity Protection (C) evaluates the risk level of a user's sign-in behavior and can trigger conditional access policies to prevent unauthorized access. It does not have a specific feature to implement the given security policy.
Role assignments in Azure AD Privileged Identity Management (D) enable administrators to manage privileged access to Azure resources. While they can help improve security, they do not have a specific feature to implement the given security policy.