Microsoft Azure Security Technologies — Question 72

You have an Azure subscription that contains a user named User1.

You need to ensure that User1 can perform the following tasks:

• Create groups.
• Create access reviews for role-assignable groups.
• Assign Azure AD roles to groups.

The solution must use the principle of least privilege.

Which role should you assign to User1?

Answer options

• A. Groups administrator
• B. Authentication administrator
• C. Identity Governance Administrator
• D. Privileged role administrator

Correct answer: D

Explanation

The correct answer is D, Privileged role administrator, as this role allows the user to manage role assignments and perform administrative tasks related to roles, including assigning roles to groups. The other options do not provide the necessary permissions for managing roles across groups or access reviews.