What should you include in the recommendation?

Last Updated on November 1, 2021 by Admin 3

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

The evaluation must be repeated automatically every three months.
Every member must be able to report whether they need to be in Group1.
Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

  • Change the Membership type of Group1 to Dynamic User.
  • Implement Azure AD Privileged Identity Management.
  • Implement Azure AD Identity Protection.
  • Create an access review.
Explanation:

In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users.

When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments