Fazil_RF
Copper Contributor
Sep 30, 2021

Need answer for Az-104 Q&A please

Can I have an answer to the question below, with a good explanation?

You have an Azure subscription that contains a user account named User1. You need to ensure that User1 can assign a policy to the tenant root management group.

What should you do?
A. Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
B. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
C. Assign the Global administrator role to User1, and then modify the default conditional access policies.
D. Assign the Owner role to User1, and then modify the default conditional access policies.
  • Fazil_RF

    I believe A:

    A. Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.

    1. Role Requirements:
      • To assign policies at the tenant root management group level, User1 needs sufficient permissions. The Owner role provides full access to all resources, including the ability to assign policies.
    2. Configuring Access Management:
      • After assigning the Owner role, User1 will need to configure access management for Azure resources. This step ensures that User1 has the necessary permissions to manage and assign policies effectively.
  • jpa210
    Copper Contributor

    Fazil_RF Can't be A or D because if user1 is the owner of the subscription he can do anything inside it, but he cannot have access to the tenant root management group, because it is a superior level in the hierarchy. Azure AD Global Administrators are the only users that can elevate themselves to gain access. Once they have access to the root management group, the global administrators can assign any Azure role to other users to manage it.

    • joaopedro11460
      Copper Contributor

      After reading the response of another person I thought about mine, and I reconsidered, and agree that A is the right answer. I was wrongly assuming that user1 was owner at subscription level, but this is not said in the answer, so he can be assigned owner role at the tenant root management group level, and be able to assign policies afterwards.
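
The scope argument in the replies above (a role assignment applies at its own scope and below, never above) can be checked with a small model. This is an added example, not code from the thread or from Microsoft: the tenant and subscription identifiers are constructed, the role definitions are trimmed versions of the built-in ones, and all helper names are hypothetical. It does not model Global Administrator access elevation.

```python
# Added illustration: a simplified model of Azure RBAC scope inheritance.
# Tenant, subscription and principal names are constructed placeholders.
from fnmatch import fnmatchcase

ROOT_MG = "/providers/Microsoft.Management/managementGroups/tenant-root"  # constructed
SUB_A = "/subscriptions/sub-a"                                            # constructed

# Child scope -> parent scope. Permissions flow from parent to child only.
PARENT = {SUB_A: ROOT_MG, SUB_A + "/resourceGroups/rg1": SUB_A}

# Trimmed built-in role definitions (Actions / NotActions).
ROLES = {
    "Owner": {"actions": ["*"], "not_actions": []},
    "Contributor": {
        "actions": ["*"],
        "not_actions": ["Microsoft.Authorization/*/Write",
                        "Microsoft.Authorization/*/Delete"],
    },
    "Reader": {"actions": ["*/read"], "not_actions": []},
}

POLICY_ASSIGN = "Microsoft.Authorization/policyAssignments/write"


def ancestors(scope):
    """Yield the scope itself, then each parent up to the root management group."""
    while scope is not None:
        yield scope
        scope = PARENT.get(scope)


def role_allows(role, action):
    """True if the role's Actions match and no NotActions entry excludes it."""
    d = ROLES[role]
    hit = lambda pats: any(fnmatchcase(action.lower(), p.lower()) for p in pats)
    return hit(d["actions"]) and not hit(d["not_actions"])


def can(principal, action, scope, assignments):
    """Check assignments made at the target scope or any ancestor of it."""
    reachable = set(ancestors(scope))
    return any(who == principal and at in reachable and role_allows(role, action)
               for who, role, at in assignments)


def can_assign_policy_at_root(role, assigned_at):
    """Would User1, holding `role` at `assigned_at`, be able to assign policy at the root?"""
    return can("User1", POLICY_ASSIGN, ROOT_MG, [("User1", role, assigned_at)])
```

Owner assigned at the subscription does not reach the root management group, Owner assigned at the root does, and Contributor at the root is blocked by its NotActions on `Microsoft.Authorization/*/Write`.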
