Azure RBAC Permissions for Application1 - Monthly Verification and Revocation Solution

Verify and Revoke Fabrikam Developers' Access Permissions to Application1

Question

You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.

You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:

-> To the manager of the developers, send a monthly email message that lists the access permissions to Application1.

-> If the manager does not verify an access permission, automatically revoke that permission.

-> Minimize development effort.

What should you recommend?

Answer

C

Explanation

The scenario describes an external company, Fabrikam, Ltd., that has been given role-based access control (RBAC) permissions to an application named Application1 in an Azure subscription. The organization that owns the subscription wants to confirm that the permissions held by the Fabrikam developers are still required, and to revoke any permission automatically when the developers' manager does not verify it. Meeting these requirements calls for an access review mechanism.

An access review is a feature of Azure Active Directory (Azure AD) that lets an administrator have designated reviewers verify the access of users or groups to a particular application or resource. An access review can be scheduled to recur at regular intervals, and it sends email notifications to the reviewers reminding them to complete the review.

Based on the requirements listed in the scenario, the best solution would be to create an access review of Application1 in Azure AD. This will allow the manager of the developers to receive a monthly email message that lists the access permissions to Application1, and if the manager does not verify an access permission, the access review mechanism can automatically revoke that permission.
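As an added example that is not part of the original answer, the following Microsoft Graph PowerShell snippet creates a recurring access review whose settings map directly onto the three requirements: a monthly recurrence with reviewer e-mail notifications, each decision routed to the reviewed user's manager, and a default decision of Deny that is applied automatically when the manager does not respond. The group object ID is a placeholder, and the snippet assumes the Fabrikam developers receive their RBAC permissions to Application1 through membership in a single Azure AD security group and that each developer has a manager recorded in Azure AD; neither assumption comes from the question text.

```powershell
# Added example: schedule a monthly Azure AD access review via Microsoft Graph.
# Assumptions (not stated in the question):
#   - Fabrikam developers hold their Application1 RBAC through one security group,
#     so reviewing that group's members reviews their access.
#   - <fabrikam-developers-group-id> is a placeholder for that group's object ID.
#   - Each developer has a manager set in Azure AD, so "./manager" resolves to a reviewer.

Connect-MgGraph -Scopes "AccessReview.ReadWrite.All"

$definition = @{
    displayName             = "Monthly review - Fabrikam access to Application1"
    descriptionForAdmins    = "Verify that Fabrikam developers still need access to Application1."
    descriptionForReviewers = "Approve only developers who still need access; unreviewed access is removed."
    scope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        query         = "/groups/<fabrikam-developers-group-id>/transitiveMembers"
        queryType     = "MicrosoftGraph"
    }
    # Each decision is sent to the reviewed user's own manager.
    reviewers = @(
        @{
            query     = "./manager"
            queryType = "MicrosoftGraph"
            queryRoot = "decisions"
        }
    )
    settings = @{
        mailNotificationsEnabled        = $true   # requirement: e-mail the manager
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $false
        recommendationsEnabled          = $true
        instanceDurationInDays          = 14      # time the manager has to respond
        autoApplyDecisionsEnabled       = $true   # requirement: apply the outcome without admin action
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"  # requirement: unreviewed access is revoked
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; dayOfMonth = 1; interval = 1 }   # requirement: monthly
            range   = @{ type = "noEnd"; startDate = (Get-Date -Format "yyyy-MM-dd") }
        }
    }
}

$review = Invoke-MgGraphRequest -Method POST `
    -Uri "https://graph.microsoft.com/v1.0/identityGovernance/accessReviews/definitions" `
    -Body ($definition | ConvertTo-Json -Depth 10) `
    -ContentType "application/json"

# Confirm the settings that satisfy the requirements were stored as intended.
$review.settings | Select-Object mailNotificationsEnabled, autoApplyDecisionsEnabled, defaultDecision
```

One caveat worth checking before relying on the Deny default: a developer with no manager attribute in Azure AD has no reviewer under the "./manager" query, so in practice the definition should also carry a `fallbackReviewers` entry naming a specific account; otherwise nobody receives the monthly message for that user.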

Option A is not a suitable solution because it involves running a PowerShell cmdlet that only retrieves the app role assignments of a user; it neither sends the monthly email nor revokes unverified permissions, so an administrator would have to do that work manually.

Option B is not a suitable solution because it involves running a PowerShell cmdlet that only retrieves the role assignments for an Azure resource, which likewise would require manual intervention from the administrator.

Option D is not a suitable solution because Azure AD Privileged Identity Management is a feature that allows an organization to manage privileged access to resources, such as Azure resources, Azure AD roles, and Microsoft 365 services. It is not designed to manage access to a specific application like Application1.

Therefore, the correct solution is to implement an access review of Application1 in Azure AD, which will allow the manager of the developers to receive a monthly email message that lists the access permissions to Application1 and automatically revoke any permission that is not verified by the manager.