Microsoft Azure Architect Design (2020, legacy) — Question 11
You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:
- The evaluation must be repeated automatically every three months.
- Every member must be able to report whether they need to be in Group1.
- Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
- Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?
Answer options
- A. Change the Membership type of Group1 to Dynamic User.
- B. Implement Azure AD Privileged Identity Management.
- C. Implement Azure AD Identity Protection.
- D. Create an access review.
Correct answer: D
Explanation
The correct answer is D. An access review evaluates the group's membership automatically and lets each member confirm whether they still need to be in the group. The review can be scheduled to repeat every three months, and users who do not respond or who indicate that they do not need membership are removed from the group. The other options do not provide the required functionality for automatic membership evaluation and reporting.