Home » Microsoft » 70-534 v.2 » What should you do?
You need to assign permissions for the Virtual Machine workloads that you migrate to Azure.
The solution must use the principal of least privileges.
What should you do?
A. Create all VMs in the cloud service named Groupl and then correct to the Azure subscription. Rin the following Windows PowerShell command:
New-AzureRoleAssignment -Mail user1 @vanarsdelltd.com -RoleDefinitionName Contributor -ResourceGroupName group1
B. In the Azure portal, select an individual virtual machine and add an owner.
C. In the Azure portal, assign read permission to the user at the subscription level.
D. Create each VM in a separate cloud service and then connect to the Azure subscription. Run the following Windows PowerShell command:
Get-AzureVM | New-AzureRoleAssignment -Mail [email protected] -RoleDefinitionName Contributor
Correct Answer: A
Explanation/Reference:
* Scenario: Permissions must be assigned by using Role Based Access Control (RBAC).
* Role-Based access control (RBAC) in the Azure Portal and Azure Resource Management API allows you to manage access to your subscription at a fine-grained level. With this feature, you can grant access for Active Directory users, groups, or service principals by assigning some roles to them at a particular scope.
Create a role assignment
Use New-AzureRoleAssignment to create a role assignment.
Example: This will create a role assignment for a group at a resource group level.
PS C:> New-AzureRoleAssignrnent -ObjectID <group object ID> -RoleDefinitionName Reader -ResourceGroupName group1
Reference: Managing Role-Based Access Control with Windows PowerShell
https://azure.microsoft.com/en-gb/documentation/articles/role-based-access-control-powershell/