ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam
Go to Exam

Exam SC-300 topic 4 question 19 discussion

Actual exam question from Microsoft's SC-300
Question #: 19
Topic #: 4
[All SC-300 Questions]

HOTSPOT -
Your company has an Azure Active Directory (Azure AD) tenant named contoso.com. The company has a business partner named Fabrikam, Inc.
Fabrikam uses Azure AD and has two verified domain names of fabrikam.com and litwareinc.com. Both domain names are used for Fabrikam email addresses.
You plan to create an access package named package1 that will be accessible only to the users at Fabrikam.
You create a connected organization for Fabrikam.
You need to ensure that the package1 will be accessible only to users who have fabrikam.com email addresses.
What should you do? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

Show Suggested Answer Hide Answer
Suggested Answer:
Reference:
https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-request-policy https://docs.microsoft.com/en-us/azure/active-directory/governance/entitlement-management-access-package-create
by NawafAli at Jan. 6, 2022, 6:30 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
marsot
Highly Voted 1 year, 9 months ago
Correct. Box1: An access package POLICY in Identity Governance Access Package Policy specifies the policy by which subjects may request or be assigned an access package via an access package assignment. While Access PackageAssignment is an assignment of an access package to a particular subject for a period of time. Box2: The external Collaboration settings in Azure AD Portal > Azure AD > External Identities> External collaboration Settings > Collaboration restrictions > Deny invitation to specified domains Source: https://learn.microsoft.com/en-us/graph/api/resources/entitlementmanagement-overview?view=graph-rest-1.0
upvoted 10 times
...
Frank9020
Most Recent 2 months, 4 weeks ago
1️⃣ To allow access for users who have fabrikam.com email addresses: ✔ An access package policy in Identity Governance 2️⃣ To block access for users who have litwareinc.com email addresses: ✔ The External collaboration settings in Azure AD
upvoted 1 times
...
Arash123
5 months, 1 week ago
In the policy, you can assign an Access Package to a ‘Connected Organization’ by typing one of its domain names. However, users with any of the directory’s domains in their UPN will be able to request the package , (both Fabrikam and Litware) unless those domains are blocked by the B2B allow or deny domain list. => To block specific domains, you need to configure this in the External Collaboration settings (under ‘Deny invitations to the specified domains’)
upvoted 1 times
...
Arash123
5 months, 1 week ago
It seems some of us are having trouble locating Policies and Assignments. That's correct—you won't see them when you're creating a new Access Package. The key is to first create the access package, and once it's complete, click on it. You'll then see a few options appear on the left, including Policies and Assignments!
upvoted 1 times
...
Sc300ExamDemo
11 months, 1 week ago
Box 1 - access package in Identity governance where you defined external users access only Box 2- external collaborations- block domains where you want to work with almost any domains except for a few https://learn.microsoft.com/en-us/entra/external-id/allow-deny-list#add-a-blocklist
upvoted 4 times
...
Alcpt
11 months, 2 weeks ago
To allow access: use an access package POLICY https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-request-policy To block access: use a Conditional access policy in Azure AD
upvoted 1 times
Alcpt
11 months, 2 weeks ago
To allow access: use an access package POLICY https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-request-policy To block access: External collaboration is better - when using for external users and sharing with external organizations
upvoted 3 times
...
...
blanco00555
1 year ago
Access package policy in Identity Governance for both see step #13 https://learn.microsoft.com/en-us/entra/id-governance/entitlement-management-access-package-first
upvoted 2 times
...
Sneekygeek
1 year, 2 months ago
This question may be a little outdated. When creating an access package there is a 'requests' section where you can configure which connected organizations are allowed to request access. I think this is just an update that allows you to create the access package policy as a part of the access package creation process. This would allow configuration of an access package that one specified domain can request access to and satisfy both requirements in one step. Box1: An access package policy Box2: An access package policy
upvoted 2 times
...
syougun200x
1 year, 7 months ago
For those who are confused with policy and assignment, you can see policy is configured on this MS tutorial below. But I dont see "policy" when I create a new package in my test tenant. Maybe there was a layout change? https://www.youtube.com/watch?v=zaaKvaaYwI4&t=74s
upvoted 1 times
...
TafMuko
1 year, 10 months ago
I don't see how External Collaboration settings world play a part in this if they are both internal verified domains...
upvoted 4 times
JCkD4Ni3L
1 year, 6 months ago
This access package is created on contoso.com tenant FOR Fabrikam and litwareinc... collaboration will block litwareinc domain if configured so allowing only Fabrikam to access the package.
upvoted 1 times
...
...
rajbne
2 years ago
just confused on the wording access package "assignment" or "policy" ?
upvoted 3 times
northgaterebel
1 year, 8 months ago
i am too. when creating a new access package, at the top of the Requests section it reads: "Create a policy to specify who can request an access package, who can approve requests, and when access expires." so i guess that means it's a policy although it's called Requests? so cryptic :-(
upvoted 1 times
...
...
Jhill777
2 years, 4 months ago
Add an external Azure AD directory by typing one of its domain names. Note that users with any of the directory's domains in their UPN will be able to request, unless those domains are blocked by the B2B allow or deny list
upvoted 2 times
...
Imee
2 years, 7 months ago
on the exam 09222022, i answered the same. Passed the exam, btw.
upvoted 4 times
...
sapien45
2 years, 10 months ago
It is called Collaboration Restrictions
upvoted 4 times
...
Yelad
3 years, 1 month ago
On the exam - March 28, 2022
upvoted 1 times
...
Jun143
3 years, 1 month ago
just pass the exam today. This came in the question.
upvoted 2 times
...
stromnessian
3 years, 1 month ago
Given answer is correct.
upvoted 1 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago