You have an Azure subscription that contains a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group.
What should you do?
A . Assign the Owner role to User1, and then instruct User1 to configure access management for Azure resources.
B . Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
C . Assign the Global administrator role to User1, and then modify the default conditional access policies.
D . Assign the Owner role to User1, and then modify the default conditional access policies.
Answer: A
Explanation:
To assign a policy to the tenant root management group you have to be an administrator of an Azure subscription. To make a user an administrator of an Azure subscription, assign them the Owner role at the subscription scope. After that assignment user can configure access management for Azure resources.
Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
Leave a Reply