ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-104 All Questions

View all questions & answers for the AZ-104 exam
Go to Exam

Exam AZ-104 topic 2 question 92 discussion

Actual exam question from Microsoft's AZ-104
Question #: 92
Topic #: 2
[All AZ-104 Questions]

HOTSPOT
-

You have an Azure AD tenant.

You need to modify the Default user role permissions settings for the tenant. The solution must meet the following requirements:

• Standard users must be prevented from creating new service principals.
• Standard users must only be able to use PowerShell or Microsoft Graph to manage their own Azure resources.

Which two settings should you modify? To answer, select the appropriate settings in the answer area.

NOTE: Each correct answer is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:
by GoldenDisciple2 at Aug. 31, 2023, 8:11 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
AntaninaD
Highly Voted 1 year, 6 months ago
Register applications: Setting this option to No prevents users from creating application registrations. Restrict access to Azure AD administration portal: What does this switch do? No: lets non-administrators browse the Azure AD administration portal. Yes: Restricts non-administrators from browsing the Azure AD administration portal. Non-administrators who are owners of groups or applications are unable to use the Azure portal to manage their owned resources. What does it not do? It doesn't restrict access to Azure AD data using PowerShell, Microsoft GraphAPI, or other clients such as Visual Studio. It doesn't restrict access as long as a user is assigned a custom role (or any role). https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/users-default-permissions
upvoted 26 times
Jay_D_Lincoln
4 weeks ago
What is your answer? It is not making sense
upvoted 1 times
...
Z_MU
2 months ago
What about that option, should we disable "Users can create security groups"? Is security groups considered as security principal?
upvoted 1 times
...
josola
1 year, 4 months ago
Although I agree with your answer, the setting is already "Yes" in "Restrict access to Azure administration portal," meaning that there is no need to change that setting. It looks like that the question has it backwards.
upvoted 2 times
MatAlves
1 year, 1 month ago
No, the "Restrict Access to Azure AD" is set to "No".
upvoted 6 times
...
...
...
testtaker09
Highly Voted 8 months, 2 weeks ago
was in the exam today 17/06/2024
upvoted 5 times
...
[Removed]
Most Recent 5 months, 4 weeks ago
CORRECT
upvoted 2 times
RajeshwaranM
2 months ago
Restrict nonadmin users from creating tenants Is it a correct answer? I'm not sure about Could anyone put the answer with clear details? Answer
upvoted 1 times
cpaljchc4
1 week, 4 days ago
From my understanding from the forum, 1. set the User can register applications: From Yes -> No 2. Set Restrict Access to Azure AD: From No -> Yes But I didn't have Lab questions last time when I took in Dec 2024, so I didn't see this question.
upvoted 1 times
...
...
...
3c5adce
9 months, 3 weeks ago
Partially Correct - only adjust the "Users can register applications" to No to prevent the creation of new service principals. For managing resource access through PowerShell or Microsoft Graph, ensure that proper RBAC policies are in place. If there are specific settings related to PowerShell or Microsoft Graph access that can be toggled in your environment, these would typically be managed directly in the Azure subscription or resource management panels rather than Azure AD tenant settings.
upvoted 2 times
...
Amir1909
1 year ago
Correct
upvoted 1 times
...
river1999991
1 year, 3 months ago
The given answer is correct.
upvoted 3 times
...
markb258
1 year, 5 months ago
why isnt it to restrict user to their own directory objects?
upvoted 3 times
alsmk2
7 months ago
Because the question is for STANDARD users, and that option refers to GUEST users.
upvoted 1 times
...
...
Cfernandes
1 year, 5 months ago
Acho correto
upvoted 1 times
...
ajdann
1 year, 6 months ago
I believe its correct
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago