Suggested Answer:
A resource group is a logical container for Azure resources. Resource groups make the management of Azure resources easier. With a resource group, you can allow a user to manage all resources in the resource group, such as virtual machines, websites, and subnets. The permissions you apply to the resource group apply to all resources contained in the resource group. Reference: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups https://docs.microsoft.com/en-us/azure/role-based-access-control/overview
the point is simultaneously. With templates it is affected only when the other vms is been spinned. But with resource group , all permission is passed to all resources within the group at same time.
This is about permissions, not about VMs. So AZ Resource Group is the best answer. Moreoever, with AZ Resource, you can only delegate permission to that specific resource, not several VMs.
It doesn't specify exactly that the virtual machines are already deployed. But I guess it is easier to move VMs to the same resource group and delegate permissions to the resource group.
I also consider the Azure Resource Manager delegating permissions because:
"When you onboard a customer to Azure Lighthouse, you use an Azure Resource Manager template along with a parameters file to define authorizations that grant access to delegated resources in the customer tenant. Each authorization specifies a principalId that corresponds to an Azure AD user, group, or service principal in the managing tenant, and a roleDefinitionId that corresponds to the Azure built-in role that will be granted."
https://docs.microsoft.com/en-us/azure/lighthouse/how-to/deploy-policy-remediation
We cant set permitions on ARM templates according to my investigation.
One Important thing, We can't apply permission on Subscription level using ARM template. We can only apply permission on resource group and its resources.
https://stackoverflow.com/questions/48284885/can-i-apply-permissions-through-an-arm-template#:~:text=One%20Important%20thing%2C%20We%20can%27t%20apply%20permission%20on,permission%20on%20resource%20group%20and%20its%20resources.%20Share
Copilot: To delegate permissions to several Azure VMs simultaneously, deploying them in the same resource group is typically more straightforward. Resource groups allow you to manage permissions and policies at a group level, making it easier to apply roles and manage access.
Using the same ARM template for deployment also ensures consistency, but for ongoing permission management, resource groups are more practical.
C. to the same resource group.
This is the correct answer because you can manage access control and permissions more efficiently by deploying Azure virtual machines to the same resource group. Azure allows you to apply RBAC (Role-Based Access Control) to resource groups, which means you can grant the same permissions to multiple virtual machines in the same resource group simultaneously. It simplifies the process of delegating permissions across multiple VMs.
A. Deploying VMs to the same Azure region does not have any direct impact on the ability to delegate permissions. Regions define the physical location of data centers, not access control.
B. Using the same Azure Resource Manager template is a method for deploying VMs with similar configurations but doesn't directly relate to managing permissions or access control.
D. Deploying VMs to the same availability zone is a strategy for improving high availability and fault tolerance but doesn't inherently affect the delegation of permissions.
I think the correct answer is ARM templates. Here is a quote from the learning material: "With Azure Resource Manager, you can: [...] Apply access control to all services because RBAC is natively integrated into the management platform. [...].
"
https://learn.microsoft.com/en-us/training/modules/describe-features-tools-manage-deploy-azure-resources/4-describe-azure-resource-manager-azure-arm-templates
Recursos/Objetos herdam as permissões e configurações do grupo de recursos.
Imagina que há um grupo de recurso com 3 recursos lá dentro.
A maneira mais rápida de configurar as mesmas permissões nos 3 simultaneamente, é atribuindo a permissão diretamente no grupo de recursos
The answer is incorrect. The correct answer is ARM Template.
"No, you cannot delegate permissions to several Azure virtual machines simultaneously by deploying Azure Virtual Machines to the same resource group. A resource group is a logical container for Azure resources, but it does not define the scope of role assignments. To delegate permissions to several Azure virtual machines simultaneously, you must use Azure Resource Manager Template, which is a JSON file that defines the resources and role assignments you need to deploy for your solution"
When you need to delegate permissions to several Azure virtual machines simultaneously,
you must "deploy the Azure virtual machines"
Deploy - Means to create and setup a virtual machine. So these machines don't exist yet.
This means using "Same resource manager template" is the best option as the permission would be set while the machines are being created.
A Resource Manager template (usually written in JSON format) allows you to define and deploy a set of Azure resources together. This template can include the configuration for virtual machines, along with associated permissions and access control rules.
The azure resource template would allow you way more control. What if you need to deploy other 'things' in the resource group that do not require the same permissions? Plus, if the VMs need to be in different resource groups, but have the same permissions, then the template would allow you to apply permissions accordingly.
A resource group can contain multiple resources.
"A resource group is a container that holds related resources for an Azure solution. The resource group can include all the resources for the solution, or only those resources that you want to manage as a group."
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/manage-resource-groups-portal
Azure Resource Manager templates (ARM templates). The template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax, which lets you state what you intend to deploy without having to write the sequence of programming commands to create it. In the template, you specify the resources to deploy and the properties for those resources.
https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
panal
Highly Voted 3 years, 9 months agoAcredser
Highly Voted 3 years, 10 months agoBabieTee
3 years, 8 months agoclevermantmnd
3 years, 9 months agobytoki
3 years, 6 months agoalexandru_chirita
3 years agoTitoChuz
2 years, 7 months agoPN60
Most Recent 1 month, 1 week agodayanandthombare
1 year, 1 month agoSAFM
1 year, 2 months agolerezende12
1 year, 2 months agoSanj2023
1 year, 2 months agoVinnyMacD
1 year, 3 months agoSAFM
1 year, 2 months agomsmt
1 year, 5 months agoorlandoryo
1 year, 9 months agoJoeGuan
1 year, 9 months agorusstest
1 year, 10 months agosideque
1 year, 8 months agobuiducvu
1 year, 11 months agoTonyghostR05
2 years, 2 months agoTonyghostR05
2 years, 2 months agoPa1theAchiever
2 years, 5 months agosilviogremio
2 years, 5 months agogtvish
2 years, 5 months agocuentaalternajsr
2 years, 6 months agoexamsycia
2 years, 8 months ago