Which role should you assign to User1?

You have a connected Azure Stack Hub integrated system that contains a user named User1.

You need to ensure that User1 can onboard a new guest tenant directory. The solution must use the principle of least privilege.

Which role should you assign to User1?
A . Owner
B. Global administrator
C. Hybrid identity administrator
D. Domain name administrator

View Answer

Answer: C

Explanation:

Hybrid Identity Administrator role is now available with Cloud Provisioning Type: New feature

Service category: Azure AD Cloud Provisioning

Product capability: Identity Lifecycle Management

IT Admins can start using the new "Hybrid Admin" role as the least privileged role for setting up Azure AD Connect Cloud Provisioning. With this new role, you no longer have to use the Global Admin role to set up and configure Cloud Provisioning.

Note: Hybrid Identity Administrator

Users in this role can create, manage and deploy provisioning configuration setup from AD to Azure AD using Cloud Provisioning as well as manage Azure AD Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), Seamless Single Sign-On (Seamless SSO), and federation settings. Users can also troubleshoot and monitor logs using this role.

Reference:

https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/whats-new-archive

https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#hybrid-identity-administrator