You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role

HOTSPOT

You have a Microsoft 365 subscription that contains a guest user named User1. User1 is assigned the User administrator role.

You have a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. Contoso.com is configured as shown in the following exhibit.

Use the drop-down menus to select the answer choice that completes each statement based on the information presented in the graphic. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Default permissions for guests are restrictive by default. Guests can be added to administrator roles, which grant them full read and write permissions contained in the role. There is one additional restriction available, the ability for guests to invite other guests. Setting Guests can invite to No prevents guests from inviting other guests.

User1 is assigned the User Administrator role. Therefore, User1 can open the Azure portal, view users, create new users, and create new guest users.

In the exhibit, the ‘Guest user permissions are limited’ is set to no. This means that guest users have the same permissions as members. However, the ‘Guests can invite’ setting is set to No. Therefore, other guest users (all guest users except User1) can open the Azure portal and view users in the same way as member users can.

Reference:

https://docs.microsoft.com/en-us/azure/active-directory/b2b/delegate-invitations

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions