Planning and Administering Microsoft Azure for SAP Workloads — Question 86

You have an Azure subscription named Sub1 that is linked to a Microsoft Entra tenant named contoso.com.

You have an on-premises deployment of SAP Landscape Management (LaMa).

You need to ensure that the on-premises LaMa deployment is authorized to manage the SAP resources provisioned to Sub1.

What should you create first?

Answer options

• A. a user-assigned managed identity in Sub1
• B. a system-assigned managed identity in Sub1
• C. an app registration in contoso.com
• D. an external identity provider in contoso.com

Correct answer: B

Explanation

The correct answer is B, as a system-assigned managed identity is automatically created and tied to the Azure resources, allowing them to authenticate to Azure services without needing credentials. Options A and C are not suitable as a user-assigned managed identity requires prior setup and app registration is not directly relevant to granting resource management permissions. Option D relates to identity federation, which is unnecessary in this context.