Exam SC-300 topic 1 question 63 discussion

The correct answer is B. Update-MgPolicyPermissionGrantPolicyExclude. The Update-MgPolicyPermissionGrantPolicyExclude cmdlet is used to exclude a policy from being applied to a specific set of users. In this case, you can use the cmdlet to exclude the self-service sign-up policy from being applied to users with the contoso.com SMTP address space.

Correct answer is A. B isn't even a valid command.

Answer: A

A. The Update-MgOrganization cmdlet is used to configure organization-wide settings in Microsoft Entra ID (Azure AD), including disabling self-service sign-ups for users. B. Update-MgPolicyPermissionGrantPolicyExclude – This cmdlet is used for managing permission grant policies, not self-service sign-up settings. C. Update-MgDomain – This is used to update domain properties but does not control user self-service sign-up. D. Update-MgDomainFederationConfiguration – This is used for managing domain federation settings, which is unrelated to blocking self-service sign-ups.

Answer) A Update-MyOrganization To turn off Self-Service Password Reset (SSPR) using the "Update-MgOrganization" cmdlet in PowerShell, you would need to set the "allowedToUseSSPR" parameter to "false" within the policy object

A: The PowerShell cmdlet Update-MgOrganization is used to configure settings for the organization, including self-service sign-up options. B. Update-MgPolicyPermissionGrantPolicyExclude: This cmdlet is used to modify permission grant policies for apps, not for disabling self-service sign-up.

You are correct! The Update-MgOrganization cmdlet with the AllowEmailVerifiedUsers parameter can also be used to prevent users from creating accounts using self-service sign-up.

Isn't the correct answer A? Update-MgOrganization AllowEmailVerifiedUsers $false would block self-service sign-up to the tenancy?

MS Articles: https://learn.microsoft.com/en-us/microsoft-365/commerce/subscriptions/manage-self-service-signup-subscriptions?view=o365-worldwide#block-users-from-signing-up or https://learn.microsoft.com/en-us/entra/identity/users/directory-self-service-signup#how-do-i-control-self-service-settings

Import-Module Microsoft.Graph.Identity.SignIns connect-MgGraph -Scopes "Policy.ReadWrite.Authorization" $param = @{ allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false } Update-MgPolicyAuthorizationPolicy -BodyParameter $param

Per Copilot: C. Update-MgDomain. The Update-MgDomain cmdlet is used to update the properties of a domain in Azure Active Directory (Azure AD). You can use this cmdlet to disable the ability for users to sign up for Microsoft 365 services using their contoso.com email address. Please note that the other options: A. Update-MgOrganization is not related to managing user sign-ups. B. Update-MgPolicyPermissionGrantPolicyExclude does not exist. D. Update-MgDomainFederationConfiguration is used to manage federation configurations, not user sign-ups. Therefore, option C is the most suitable choice for this task. If you dont give the answer options: To prevent users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services, you should run the Set-MsolCompanySettings cmdlet with the -UsersPermissionToCreateSelfServiceApplication parameter set to $false.

la opción A, es la correcta. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup

https://learn.microsoft.com/en-us/microsoft-365/admin/misc/self-service-sign-up?view=o365-worldwide#:~:text=To%20control%20whether%20users%20can%20sign%20up%20for%20self%2Dservice%20subscriptions%2C%20use%20the%20Update%2DMgPolicyAuthorizationPolicy%20PowerShell%20cmdlet%20with%20the%20AllowAdHocSubscriptions%20parameter. however when you go to MG documentation for that CMDlet this parameter is not even listed. Most likely is changed to these allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false

B You use the Update-MgPolicyAuthorizationPolicy cmdlet with the AllowAdHocSubscriptions parameter to control whether users can sign up for self-service sign-up subscriptions.

I stand for B

I think the answer is B. The given answer seems to be related to the organizational data not setting what can and cannot be done within the organization. B does provide mechanisms to prevent user actions. C - doesn't seem to apply at all.