Designing Azure Infrastructure Solutions — Question 26

You have an Azure AD tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned memberships. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1. The solution must meet the following requirements:

• The evaluation must be repeated automatically every three months.
• Every member must be able to report whether they need to be in Group1.
• Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
• Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?

Answer options

Correct answer: C

Explanation

The correct answer is C. Creating an access review allows periodic evaluation of group membership, fulfilling the requirements for member reporting and automatic removal of members. Option A, Azure AD Identity Protection, focuses on security risk assessment, not group membership evaluation. Option B, changing the membership type to Dynamic User, does not let members report whether they need to be in the group. Option D, Azure AD PIM, is designed for managing privileged access and does not address group membership evaluation.