BenchMark Quizzes by MDFT Pro

Verify Users Still Require Security Administrator Role

MDFT Pro, a well-known training agency, maintains strict security governance for their Azure Active Directory tenant to protect sensitive student data and educational intellectual property. Mark, the Security Review Administrator, has configured Azure AD Privileged Identity Management (PIM) to manage elevated permissions across their educational platform.

The company currently has 10 users assigned the Security Administrator role who have permissions to manage security settings and oversee threat protection for their learning management systems. As part of their quarterly security review process, Mark’s colleague Claire, the Security Review Specialist, needs to verify whether these users still require the Security Administrator role or if their responsibilities have changed, allowing for role assignments to be reduced following the principle of least privilege.

What should Mark do to verify whether the users still require the Security Administrator role?

Choose the correct answer from the options below.

Explanations for each answer:

From Azure AD Identity Protection, configure a user risk policy is incorrect. User risk policies in Identity Protection are designed to detect and respond to compromised user accounts based on risk indicators, not to review whether users still need specific role assignments.
From Azure AD Privileged Identity Management, create an access review is correct. Access reviews in PIM are specifically designed to periodically verify whether users still require privileged roles. This feature allows reviewers to confirm or deny the necessity of role assignments for users.
From Azure AD Identity Protection, configure the Weekly Digest is incorrect. The Weekly Digest in Identity Protection provides summary information about risk detections and risky users, but it doesn't facilitate role assignment reviews or verification processes.
From Azure AD Privileged Identity Management, create a conditional access policy is incorrect. Conditional access policies in PIM control how and when privileged roles can be activated, but they don't provide mechanisms to review or verify whether users still need their assigned roles.

Learn More About PIM Access Reviews:

Azure AD PIM Access Reviews

Exam Preparation Quiz

Verify Users Still Require Security Administrator Role