Microsoft Azure Architect Design (2020, legacy) — Question 16
You have 200 resource groups across 20 Azure subscriptions.
Your company's security policy states that the security administrator must verify all assignments of the Owner role for the subscriptions and resource groups once a month. All assignments that are not approved by the security administrator must be removed automatically. The security administrator must be prompted every month to perform the verification.
What should you use to implement the security policy?
Answer options
- A. Identity Secure Score in Azure Security Center
- B. Access reviews in Identity Governance
- C. The user risk policy in Azure Active Directory (Azure AD) Identity Protection
- D. Role assignments in Azure Active Directory (Azure AD) Privileged Identity Management (PIM)
Correct answer: D
Explanation
The correct answer is D because Azure AD Privileged Identity Management (PIM) allows the security administrator to manage role assignments and perform access reviews, ensuring that unapproved Owner role assignments can be removed automatically. Options A and C do not specifically address role assignment verification. Option B focuses on access reviews but does not facilitate automatic removal of unapproved assignments.