Exam AZ-500 topic 2 question 44 discussion

Correct Answer Application Developer Users in this role can create application registrations when the "Users can register applications" setting is set to No. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#application-developer

Application Developer - Create application registration when ability is disabled for all users

Answer: D, Application developer in Azure AD Reason: Since App registrations are set to "No" in the tenant settings, users by default cannot register applications. The Application developer role in Azure AD is specifically designed to allow users to register applications while following the principle of least privilege. Reference: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#application-developer

Answer is D - app developer. It's so annoying that all these options are so interlaced creating a lot of times confusion. In this case, MS should remove such flags so that all controls are centralized around roles. This would make things clear in a lot of cases.

D. Application developer in Azure AD

D is the answer. https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-app-roles#grant-individual-permissions-to-create-and-consent-to-applications-when-the-default-ability-is-disabled Assign the Application Developer role to grant the ability to create application registrations when the Users can register applications setting is set to No. This role also grants permission to consent on one's own behalf when the Users can consent to apps accessing company data on their behalf setting is set to No.

D is correct Users in this role can create application registrations when the "Users can register applications" setting is set to No. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#application-developer

D. Application developer in Azure AD

By default, any user in Azure AD cannot register applications. The ability to register applications in Azure AD is typically restricted to administrators or users with specific permissions. However, the level of access control for application registration can be configured by an administrator through the use of Azure AD role-based access control (RBAC). For example, an administrator can grant specific users or groups the ability to register applications in Azure AD by assigning them the "Application Developer" role. In summary, t The ability to register applications in Azure AD is not available to all users by default but can be granted through the use of Azure AD RBAC. D is correct considering least priviledged

Application Developer is the least privilege option here

Correct. To register an app you need app developer. To grant consent to an app you need with app admin or cloud app admin.

In Exam 02/12/2022. 3 new questions, rest from here.

correct

correct: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task

correct: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task

Application Developer Can create application registrations independent of the 'Users can register applications' setting. https://docs.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Please check the additional roles, the Cloud App Admin role is the right selection. https://docs.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task