You have an Azure Active Directory (Azure AD) tenant named contoso.com that has a security group named Group1. Group1 is configured for assigned membership. Group1 has 50 members, including 20 guest users.
You need to recommend a solution for evaluating the membership of Group1.
The solution must meet the following requirements:
– The evaluation must be repeated automatically every three months.
– Every member must be able to report whether they need to be in Group1.
– Users who report that they do not need to be in Group1 must be removed from Group1 automatically.
– Users who do not report whether they need to be in Group1 must be removed from Group1 automatically.
What should you include in the recommendation?
A. Implement Azure AD Identity Protection.
B. Change the Membership type of Group1 to Dynamic User.
C. Create an access review.
D. Implement Azure AD Privileged Identity Management.
Answer: B
Explanation:
In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users.
When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed.
References:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-dynamic-membership