Create Azure Virtual Machines with Resource Manager Templates for ResearchUsers | Exam AZ-301 Microsoft Azure Architect Design

Create Azure Virtual Machines with Resource Manager Templates for ResearchUsers

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have an Azure subscription that contains a resource group named RG1.

You create an Azure Active Directory (Azure AD) group named ResearchUsers that contains the user accounts of all researchers.

You need to recommend a solution that meets the following requirements:

- The researchers must be allowed to create Azure virtual machines.

- The researchers must only be able to create Azure virtual machines by using specific Azure Resource Manager templates.

Solution: Create an Azure DevOps Project. Configure the DevOps Project settings.

Does this meet the goal?

Answers

Explanations


A. B.

B

Instead: On RG1, assign the Contributor role to the ResearchUsers group. Create a custom Azure Policy definition and assign the policy to RG1.

No, the recommended solution does not meet the stated requirements.

Creating an Azure DevOps project and configuring its settings does not meet the requirements of allowing researchers to create Azure virtual machines by using specific Azure Resource Manager templates.

To meet the stated requirements, you can use Azure Role-Based Access Control (RBAC) to grant the ResearchUsers group the necessary permissions to create Azure virtual machines using specific Azure Resource Manager templates.

To achieve this, you can follow these steps:

  1. Create a custom RBAC role: Create a custom role that allows users to create virtual machines, but limits the resource types that can be used to create them. This can be achieved by creating a JSON file that defines the custom role.

  2. Assign the custom role to the ResearchUsers group: Use the Azure portal or Azure CLI to assign the custom role to the ResearchUsers group.

  3. Grant access to the Resource Manager template: Grant the ResearchUsers group access to the specific Azure Resource Manager template that they are allowed to use to create virtual machines. This can be achieved by assigning the "Reader" role to the ResearchUsers group on the Resource Group that contains the template.

By following these steps, you can ensure that the ResearchUsers group is granted the necessary permissions to create virtual machines using specific Azure Resource Manager templates, while still limiting their access to only the resources that they need to perform their tasks.
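The three steps above as an Azure CLI script. This is an added example, not part of the original explanation. The subscription ID is a placeholder, the role name, `TemplatesRG` and the action list are assumptions, and only RG1 and ResearchUsers come from the question.

```shell
#!/bin/sh
# Added example. Placeholders and hypothetical names are marked; RG1 and
# ResearchUsers come from the question.
set -eu

SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"  # placeholder
VM_RG="RG1"
TEMPLATE_RG="TemplatesRG"            # hypothetical: group holding the template
GROUP_NAME="ResearchUsers"
ROLE_NAME="Research VM Creator"      # hypothetical custom role name
ROLE_FILE="research-vm-creator.json"

rg_scope() { printf '/subscriptions/%s/resourceGroups/%s' "$SUBSCRIPTION_ID" "$1"; }

# Step 1: the custom role as JSON. The action list is an illustrative minimum
# for deploying a VM into an existing virtual network (assumption).
role_definition_json() {
cat <<EOF
{
  "Name": "$ROLE_NAME",
  "IsCustom": true,
  "Description": "Create VMs in $VM_RG through Resource Manager deployments.",
  "Actions": [
    "Microsoft.Resources/deployments/*",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/virtualMachines/write",
    "Microsoft.Compute/disks/write",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/write",
    "Microsoft.Network/networkInterfaces/join/action",
    "Microsoft.Network/virtualNetworks/subnets/join/action"
  ],
  "NotActions": [],
  "AssignableScopes": ["$(rg_scope "$VM_RG")"]
}
EOF
}

assign_role() {  # $1 = role name, $2 = resource group
  az role assignment create --assignee-object-id "$GROUP_ID" \
    --assignee-principal-type Group --role "$1" --scope "$(rg_scope "$2")"
}

apply_rbac() {
  role_definition_json > "$ROLE_FILE"
  az role definition create --role-definition "@$ROLE_FILE"   # step 1
  GROUP_ID=$(az ad group show --group "$GROUP_NAME" --query id --output tsv)
  assign_role "$ROLE_NAME" "$VM_RG"                           # step 2
  assign_role "Reader" "$TEMPLATE_RG"                         # step 3
}

# Nothing is sent to Azure unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then apply_rbac; fi
```

Scoping both `AssignableScopes` and the assignment to RG1 keeps the role from being assigned or used anywhere else in the subscription. Review the generated JSON before running with `--apply`.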