Note: This question is part of series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have an Azure Active Directory (Azure AD) tenant named contoso.com.
A user named Admin1 attempts to create an access review from the Azure Active Directory admin center and discovers that the Access reviews settings are unavailable. Admin1 discovers that all the other Identity Governance settings are available.
Admin1 is assigned the User administrator, Compliance administrator, and Security administrator roles.
You need to ensure that the Admin1 can create access reviews in contoso.com.
Solution: You purchase an Azure Directory Premium P2 license for contoso.com.
Does this meet the goal?
Click on the arrows to vote for the correct answer
A. B.B
Instead use Azure AD Privileged Identity Management.
Note: PIM essentially helps you manage the who, what, when, where, and why for resources that you care about. Key features of PIM include:
-> Conduct access reviews to ensure users still need roles
https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-configureThe proposed solution to purchase an Azure Active Directory Premium P2 license for contoso.com to enable Admin1 to create access reviews in Azure AD is partially correct but not optimal.
Access Reviews is a feature of Azure Active Directory Premium P2, and purchasing a Premium P2 license would allow Admin1 to create access reviews in contoso.com. However, the access review feature can also be enabled by purchasing an Azure AD Premium P1 or Enterprise Mobility + Security E5 license.
Therefore, the proposed solution meets the goal of enabling Admin1 to create access reviews in contoso.com. However, it is not the most cost-effective solution. It is recommended to evaluate the organization's licensing needs and consider purchasing the license that meets all their requirements.
It is worth noting that there are no limitations on the User administrator, Compliance administrator, and Security administrator roles that prevent a user from creating access reviews. Therefore, if access reviews settings are unavailable to Admin1, there might be an issue with the Azure AD configuration or permissions, and it should be investigated further.
In conclusion, the proposed solution meets the goal, but it may not be the most cost-effective option. It is important to evaluate the organization's licensing needs and investigate any configuration or permission issues that might prevent Admin1 from creating access reviews in Azure AD.