Create Access Reviews in Azure AD - Exam AZ-303 Solution

Create Access Reviews in Azure AD

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.

Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.

You need to ensure that Admin1 can create access reviews in contoso.com.

Solution: You assign the Service administrator role to Admin1.

Does this meet the goal?

Answers

Explanations


A. B.

B

Instead use Azure AD Privileged Identity Management.

Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:

- Conduct access reviews to ensure users still need roles

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure

The solution proposed is not appropriate to meet the stated goal. The Service administrator role is used to manage subscriptions, billing, and support tickets, but it does not provide the necessary permissions to manage identity governance features such as access reviews.

To enable Admin1 to create access reviews in contoso.com, you need to assign the appropriate role with the necessary permissions to create and manage access reviews. In Azure AD, the role required to create and manage access reviews is the Identity Governance administrator role. Therefore, you should assign the Identity Governance administrator role to Admin1.

To assign the Identity Governance administrator role to Admin1, follow these steps:

  1. Sign in to the Azure portal as a Global administrator or Privileged role administrator.

  2. Navigate to Azure Active Directory.

  3. Select Roles and administrators.

  4. Search for the Identity Governance administrator role.

  5. Click on Add assignments.

  6. Search for Admin1 in the list of users and select the checkbox next to their name.

  7. Click on Add assignments to add the Identity Governance administrator role to Admin1.

After you have assigned the Identity Governance administrator role to Admin1, they will have the necessary permissions to create and manage access reviews in contoso.com.
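
The same assignment can be scripted. The following is an added example, not part of the original answer: it uses the Microsoft Graph PowerShell SDK, assumes Admin1's sign-in name is admin1@contoso.com (the question gives only the name Admin1), skips the assignment if it already exists, and then lists every directory role the account holds so the result can be checked.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Identity.Governance

# Assumption: the page names the user only as "Admin1"; this UPN is a placeholder.
$upn      = 'admin1@contoso.com'
$roleName = 'Identity Governance Administrator'

# Step 1: sign in as a Global administrator or Privileged role administrator.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

# Steps 2-4: resolve the user and the role definition by display name.
$user = Get-MgUser -UserId $upn -ErrorAction Stop
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
if (-not $role) {
    throw "Role definition '$roleName' was not found in this tenant."
}

# Read the user's current assignments once; match the role client-side.
$current = @(Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All)
$already = $current | Where-Object { $_.RoleDefinitionId -eq $role.Id }

# Steps 5-7: add the assignment at tenant scope ("/") unless it is already present.
if ($already) {
    Write-Output "$upn already holds '$roleName'; nothing to do."
}
else {
    New-MgRoleManagementDirectoryRoleAssignment `
        -PrincipalId $user.Id `
        -RoleDefinitionId $role.Id `
        -DirectoryScopeId '/' | Out-Null
    Write-Output "Assigned '$roleName' to $upn."
}

# Verification: map role definition IDs to names and list what the account now holds.
$names = @{}
Get-MgRoleManagementDirectoryRoleDefinition -All | ForEach-Object { $names[$_.Id] = $_.DisplayName }

Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All |
    Select-Object @{ n = 'Role';  e = { $names[$_.RoleDefinitionId] } },
                  @{ n = 'Scope'; e = { $_.DirectoryScopeId } } |
    Sort-Object Role
```

In the scenario, the final listing should show Identity Governance Administrator alongside the three roles Admin1 already had, which also makes it a quick check of how much standing privilege the account carries.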