What should you do to ensure that you can assign VM2 the Reader role for the resource group?

You create the Azure resources shown in the following table.

You attempt to add a role assignment to a resource group as shown in the following exhibit.

What should you do to ensure that you can assign VM2 the Reader role for the resource group?
A . Modify the Reader role at the subscription level.
B . Configure just in time (JIT) VM access on VM2.
C . Configure Access control (IAM) on VM2.
D . Assign a managed identity to VM2.

View Answer

Answer: C

Explanation:

After you’ve configured an Azure resource with a managed identity, you can give the managed identity access to another resource, just like any security principal.

Use Azure RBAC to assign a managed identity access to another resource

After you’ve enabled managed identity on an Azure resource, such as an Azure VM or Azure virtual machine scale set:

✑ Sign in to the Azure portal using an account associated with the Azure subscription under which you have configured the managed identity.

✑ Navigate to the desired resource on which you want to modify access control. In this example, we are giving an Azure virtual machine access to a storage account, so we navigate to the storage account.

✑ Select the Access control (IAM) page of the resource, and select + Add role assignment. Then specify the Role, Assign access to, and specify the corresponding Subscription. Under the search criteria area, you should see the resource. Select the resource, and select Save.

Reference: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/howto-assign-access-portal