Exam AZ-204 topic 2 question 31 discussion

The parameter should be "IdentityType", not "IdentityId" as it's stated in the reference link. "SystemAssigned" is correct

Box 1: -IdentityType -IdentityType: The type of identity used for the virtual machine. Valid values are SystemAssigned, UserAssigned, SystemAssignedUserAssigned, and None. -IdentityId: Specifies the list of user identities associated with the virtual machine. The user identity references will be ARM resource IDs in the form: Box 2: $SystemAssigned There are two types of managed identities: - System-assigned: Some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity an identity is created in Azure AD that is tied to the lifecycle of that service instance. So when the resource is deleted, Azure automatically deletes the identity for you. By design, only that Azure resource can use this identity to request tokens from Azure AD. - User-assigned: You may also create a managed identity as a standalone Azure resource. You can create a user-assigned managed identity and assign it to one or more instances of an Azure service. In the case of user-assigned managed identities, the identity is managed separately from the resources that use it.

IdentityType SystemAssigned

Correct Answer. $vm = Get-AzVM -ResourceGroupName myResourceGroup -Name myVM Update-AzVM -ResourceGroupName myResourceGroup -VM $vm -IdentityType SystemAssigned Reference: https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/how-to-configure-managed-identities?pivots=qs-configure-powershell-windows-vm#enable-system-assigned-managed-identity-on-an-existing-azure-vm

first should be IdentityType , but if you don't have this choice which closely maps to -IdentityType is -AssignIdentity

# Login to your Azure account Connect-AzAccount # Specify the resource group and VM name $resourceGroupName = "YourResourceGroup" $vmName = "YourVMName" # Get the VM object $vm = Get-AzVM -ResourceGroupName $resourceGroupName -Name $vmName # Enable system-assigned managed identity $vm = Set-AzVMIdentity -ResourceGroupName $resourceGroupName -VM $vm -AssignIdentity:$SystemAssigned # Update the VM with the managed identity configuration Update-AzVM -ResourceGroupName $resourceGroupName -VM $vm

Given answer is correc

On my exam 2023-10 before the Update of the Exam

https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm#enable-system-assigned-managed-identity-on-an-existing-azure-vm

Just for information: I just had this question on my AZ204 exam - 16-jun-2023. I barely made it (with only 767 points) so I can't inform anyony if this answer is correct or not, just stating that this is an actual exam question.

<IdentityType> The type of identity used for the virtual machine. Valid values are SystemAssigned, UserAssigned, SystemAssignedUserAssigned, and None. Type: Nullable<T>[ResourceIdentityType] Accepted values: SystemAssigned, UserAssigned, SystemAssignedUserAssigned, None

since $ states they both are variables. given answer is correct.

Please correct me if I am wrong, but the "The access lifecycle for the application must be associated with the VM service instance" part looks like a red herring. Since it says that the *access* lifecycle must be associated with the service instance and not the *managed identity lifecycle*, then a user assigned identity would work here. Delete the VM and the application has no more access to it. If true, that would make the "IdentityID" parameter correct in this case.

Got this in exam today..20/02/23 score: 817

Got this question in exam today on 20-02-2023

Got this in the exam today ! Nov 25, 2022

There's no correct option, it should be "IdentityType" https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-powershell-windows-vm#enable-system-assigned-managed-identity-on-an-existing-azure-vm We should update this question and the answer