What should you include in the recommendation?

You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.

You need to recommend a solution for evaluating the membership of Group1.

The solution must meet the following requirements:

– The evaluation must be repeated automatically every three months.

– Every member must be able to report whether they need to be in Group1.

– Users who report that they do not need to be in Group1 must be removed from Group1 automatically

– Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.

What should you include in the recommendation?
A . Implement Azure AD Identity Protection.
B . Change the Membership type of Group1 to Dynamic User.
C . Create an access review.
D . Implement Azure AD Privileged Identity Management.

View Answer

Answer: B

Explanation:

In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users.

When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed.

References:

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership