ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-500 All Questions

View all questions & answers for the AZ-500 exam
Go to Exam

Exam AZ-500 topic 4 question 25 discussion

Actual exam question from Microsoft's AZ-500
Question #: 25
Topic #: 4
[All AZ-500 Questions]

You have an Azure Active Directory (Azure AD) tenant and a root management group.
You create 10 Azure subscriptions and add the subscriptions to the root management group.
You need to create an Azure Blueprints definition that will be stored in the root management group.
What should you do first?

  • A. Modify the role-based access control (RBAC) role assignments for the root management group.
  • B. Add an Azure Policy definition to the root management group.
  • C. Create a user-assigned identity.
  • D. Create a service principal.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by arunjana at Dec. 6, 2020, 12:06 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Stuudent
Highly Voted 3 years, 4 months ago
When I tried to create a Blueprint at the root management group, I got the following message: Deploy blueprint to root management group: "You require additional permissions to manage blueprints within this management group. Contact the administrator of the management group to request Contributor rights." Had to elevate myself to a Contributor at the root group, then I could create the blueprint. Therefore option A is definitely correct.
upvoted 63 times
micofucho
2 years, 1 month ago
Why do you assume your permissions in your root MG are the permissions you have in the question? May be you had not enough permissions, I don't know what permissions you had at that moment, but I think it's not a reason for to post A as the right answer. May be other people had, for example me, higher permissions, besides, where does the question say what permissions do you have when creating the blueprint? Please, read JerryGolais post
upvoted 1 times
ConanBarb
1 year, 1 month ago
I vote for A, even though I agree with your questions in general. The reason is the guidance in the doc below, "Configure your environment for a Blueprint Operator" where the first step is to "Grant permission to the Blueprint Operator" https://learn.microsoft.com/en-us/azure/governance/blueprints/how-to/configure-for-blueprint-operator If nothing else, all the other options are weaker/worse
upvoted 1 times
...
...
...
wardy1983
Most Recent 5 months, 1 week ago
Answer: A Explanation: When I tried to create a Blueprint at the root management group, Deploy blueprint to root management group: "You require additional permissions to manage blueprints within this management group. Contact the administrator of the management group to request Contributor rights." Had to elevate myself to a Contributor at the root group, then I could create the blueprint. Reference: https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin
upvoted 3 times
...
ErikPJordan
7 months, 1 week ago
To create an Azure Blueprints definition that will be stored in the root management group, you should do the following: B. Add an Azure Policy definition to the root management group. Azure Blueprints leverages Azure Policy to apply governance to your subscriptions, and you create and associate policy definitions with your blueprint to enforce specific requirements. By adding an Azure Policy definition to the root management group, you establish a policy that can be used within your Azure Blueprint definition. Here's the general process: Create the necessary Azure Policy definitions that align with your desired governance requirements. Add these policy definitions to the root management group or appropriate scope. Create the Azure Blueprint definition and associate it with these policy definitions to enforce governance during the blueprint's assignment. Options A, C, and D are unrelated to creating an Azure Blueprints definition in the root management group.
upvoted 1 times
ErikPJordan
7 months, 1 week ago
I think you mean A ChatGPT I apologize for any confusion in my previous response. You are correct; the correct answer is indeed A. Modify the role-based access control (RBAC) role assignments for the root management group. To create an Azure Blueprints definition that will be stored in the root management group, you need to ensure that you have the appropriate permissions and RBAC role assignments at the root management group level. Azure Blueprints is a governance service that uses RBAC to manage access to Blueprint definitions, so you need to have the necessary permissions to create and manage those definitions in the root management group. Here's a more detailed explanation: Modify the role-based access control (RBAC) role assignments for the root management group: You should have the required RBAC roles (like Blueprint Contributor or Owner) at the root management group level to create and manage Azure Blueprints definitions. Once you have the necessary RBAC permissions, you can proceed to create Azure Blueprints definitions that will be stored in the root management group.
upvoted 1 times
...
...
Catlyn
7 months, 1 week ago
ChatGPT says : "For creating an Azure Blueprints definition that will be stored in the root management group, the first step is to: B. Add an Azure Policy definition to the root management group."
upvoted 2 times
...
majstor86
1 year, 1 month ago
Selected Answer: A
A. Modify the role-based access control (RBAC) role assignments for the root management group.
upvoted 3 times
...
ligu
1 year, 2 months ago
The answer is correct
upvoted 1 times
...
paulb2b
1 year, 9 months ago
when applying to Root You require additional permissions to manage blueprints within this management group
upvoted 2 times
...
Eltooth
2 years, 1 month ago
Selected Answer: A
A is correct answer.
upvoted 1 times
...
kam117
2 years, 7 months ago
## Exam Question - 24 Sept 2021 ##
upvoted 1 times
...
TonytheTiger
2 years, 7 months ago
## Exam Question - 17 Sept 2021 ##
upvoted 2 times
...
francis6170
2 years, 7 months ago
Got this in the AZ-500 exam (Sept 2021)! A: A
upvoted 3 times
...
rsharma007
2 years, 8 months ago
BPs Stages - define-->draft-->publish-->assign-->update-->un-assign AZ BluePrints(BPs) need RBAC permissions at the scope where it is defined and/or assigned. So if you plan to define BPs at the root management group, you need to have Blueprint owner/contributor permissions at the root management group scope to define and assign( only owner can assign). Azure user defined identity with owner or operator role is required to assign a policy via API, but assignment can be done only after definition and hence comes later. Service Principal - BPs are assigned a service principal with owner role at the subscription scope when deployed( during assignment). If using API then a user defined managed identity with operator role can be used.
upvoted 3 times
...
JerryGolais
3 years ago
I am not sure what access we have. For all we know we have the owner role and the correct answer is B. Or we don't have contributor rights and it's A. I am thinking that if we are able to create 10 subs in this management group, we have contributor rights so I would go for B. To sum up, I'm not sure.
upvoted 4 times
Blockabb
2 years, 7 months ago
Default permissions on root are extremely restricted. Making a subscription does not require making a management group.
upvoted 1 times
...
...
arunjana
3 years, 4 months ago
When creating a blueprint definition, you'll define where the blueprint is saved. Blueprints can be saved to a management group or subscription that you have Contributor access to. If the location is a management group, the blueprint is available to assign to any child subscription of that management group. https://docs.microsoft.com/en-us/azure/governance/blueprints/overview
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago