Home » Microsoft » AZ-101 » What should you do?
You are configuring Azure Active Directory (AD) Privileged Identity Management.
You need to provide a user named Admin1 with read access to a resource group named RG1 for only one month. The user role must be assigned immediately.
What should you do?
A. Assign an active role.
B. Assign an eligible role.
C. Assign a permanently active role.
D. Create a custom role and a conditional access policy.
Correct Answer: B
Explanation/Reference:
Explanation:
Azure AD Privileged Identity Management introduces the concept of an eligible admin. Eligible admins should be users that need privileged access now and then, but not all-day, every day. The role is inactive until the user needs access, then they complete an activation process and become an active admin for a predetermined amount of time.
References: https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configure
