Microsoft Identity and Access Administrator — Question 30

You have an Azure AD tenant that contains a user named Admin1.

You need to ensure that Admin1 can perform only the following tasks:

• From the Microsoft 365 admin center, create and manage service requests.
• From the Microsoft 365 admin center, read and configure service health.
• From the Azure portal, create and manage support tickets.

The solution must minimize administrative effort.

What should you do?

Answer options

• A. Create an administrative unit and add Admin1.
• B. Enable Azure AD Privileged Identity Management (PIM) for Admin1.
• C. Assign Admin1 the Helpdesk Administrator role.
• D. Create a custom role and assign the role to Admin1.

Correct answer: D

Explanation

The correct answer is D because creating a custom role allows you to tailor permissions specifically to the tasks Admin1 needs to perform, ensuring minimal administrative overhead. Option A does not provide the necessary permissions, B grants broader access than required, and C does not cover all the tasks specified.