Exam SC-300 topic 1 question 63 discussion

The correct answer is B. Update-MgPolicyPermissionGrantPolicyExclude. The Update-MgPolicyPermissionGrantPolicyExclude cmdlet is used to exclude a policy from being applied to a specific set of users. In this case, you can use the cmdlet to exclude the self-service sign-up policy from being applied to users with the contoso.com SMTP address space.

You are correct! The Update-MgOrganization cmdlet with the AllowEmailVerifiedUsers parameter can also be used to prevent users from creating accounts using self-service sign-up.

Correct answer is A. B isn't even a valid command.

Isn't the correct answer A? Update-MgOrganization AllowEmailVerifiedUsers $false would block self-service sign-up to the tenancy?

MS Articles: https://learn.microsoft.com/en-us/microsoft-365/commerce/subscriptions/manage-self-service-signup-subscriptions?view=o365-worldwide#block-users-from-signing-up or https://learn.microsoft.com/en-us/entra/identity/users/directory-self-service-signup#how-do-i-control-self-service-settings

Import-Module Microsoft.Graph.Identity.SignIns connect-MgGraph -Scopes "Policy.ReadWrite.Authorization" $param = @{ allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false } Update-MgPolicyAuthorizationPolicy -BodyParameter $param

Per Copilot: C. Update-MgDomain. The Update-MgDomain cmdlet is used to update the properties of a domain in Azure Active Directory (Azure AD). You can use this cmdlet to disable the ability for users to sign up for Microsoft 365 services using their contoso.com email address. Please note that the other options: A. Update-MgOrganization is not related to managing user sign-ups. B. Update-MgPolicyPermissionGrantPolicyExclude does not exist. D. Update-MgDomainFederationConfiguration is used to manage federation configurations, not user sign-ups. Therefore, option C is the most suitable choice for this task. If you dont give the answer options: To prevent users from creating user accounts in the contoso.com Azure AD tenant for self-service sign-up to Microsoft 365 services, you should run the Set-MsolCompanySettings cmdlet with the -UsersPermissionToCreateSelfServiceApplication parameter set to $false.

la opción A, es la correcta. https://learn.microsoft.com/en-us/azure/active-directory/enterprise-users/directory-self-service-signup

https://learn.microsoft.com/en-us/microsoft-365/admin/misc/self-service-sign-up?view=o365-worldwide#:~:text=To%20control%20whether%20users%20can%20sign%20up%20for%20self%2Dservice%20subscriptions%2C%20use%20the%20Update%2DMgPolicyAuthorizationPolicy%20PowerShell%20cmdlet%20with%20the%20AllowAdHocSubscriptions%20parameter. however when you go to MG documentation for that CMDlet this parameter is not even listed. Most likely is changed to these allowedToSignUpEmailBasedSubscriptions=$true allowEmailVerifiedUsersToJoinOrganization=$false

B You use the Update-MgPolicyAuthorizationPolicy cmdlet with the AllowAdHocSubscriptions parameter to control whether users can sign up for self-service sign-up subscriptions.

I stand for B

I think the answer is B. The given answer seems to be related to the organizational data not setting what can and cannot be done within the organization. B does provide mechanisms to prevent user actions. C - doesn't seem to apply at all.