The Azure Active Directory (Azure AD) tenant contains the groups shown in the following table. In Azure AD, you add a new enterprise application named App1. Which groups can you assign to App1?
MS documentation is not up to date! Just tested in my tenant, all the below groups are supported
1- Security
2- Microsoft 365
3- Mail-Enabled security Group
I was also able to add a distribution list as an assigned group to an enterprise app.
It seems like the prerequisite of the "securityEnabled" attribute is not necessary either.
If you create an M365 group from the Microsoft Admin center, the securityEnabled attribute is set to No by default, but if you create M365 groups from the Azure AD portal or Entra, securityEnabled is set to Yes.
But nevertheless, I could add all groups as assignments to the enterprise App.
As of today, 9/6/2023:
"Group-based assignment requires Azure Active Directory Premium P1 or P2 edition. Group-based assignment is supported for Security groups and Microsoft 365 groups whose SecurityEnabled setting is set to True only."
Answer is correct.
Answer is E.
Security groups:
Azure Resources: Security groups can be used to manage access to Azure resources such as virtual machines, databases, and other services.
SharePoint Sites: They can control access to SharePoint sites and libraries.
Applications: Security groups can be assigned to enterprise applications in Azure AD to manage user access.
Licenses: They can be used to assign licenses to users.
Mail-enabled security groups:
Email Distribution: These groups are primarily used for email distribution and can also grant access permissions to resources in Active Directory.
Exchange Online: They are managed through the Exchange admin center and are used for both email distribution and security.
While both types of groups can manage access to certain resources, security groups have broader capabilities within Azure AD and are more versatile for managing access to a wide range of Azure resources and applications.
Sorry, but you are incorrect:
Group4 (Mail-Enabled Security Group) Can't be assigned to Apps:
You may claim that mail-enabled security groups can be assigned to apps because they are used for both email communication and security-related tasks. However, in Azure AD, there is a key limitation:
Azure AD Does Not Support Mail-Enabled Security Groups for App Assignments:
These groups are primarily used for assigning permissions in Exchange Online, SharePoint, and other Microsoft 365 services.
However, they cannot be used for role-based access control (RBAC) or application assignments in Azure AD.
Unlike standard security groups, mail-enabled security groups do not sync properly with Azure AD role assignments, making them ineligible for app access assignments.
D. Group1 and Group4 is correct in this scenario.
Yes, all except for the distribution group option here CAN be assigned, but we are to assume default settings for these questions unless otherwise specified.
Once you've looked into this question a little ask yourself this question and you'll realize the solution: What is the default setting for Microsoft 365 "SecurityEnabled" flag?
To use a Microsoft 365 Group for security-related tasks, such as application assignments or Conditional Access policies, the SecurityEnabled property must be explicitly set to True.
I have also tested, and I can add these 3 groups: Group 1 (Security), Group 3 (Microsoft 365) and Group 4 (Mail-enabled Security). But it could never be a distribution list; some answers show that a distribution list can also be added, but that is 100% wrong.
Group-based assignment requires Microsoft Entra ID P1 or P2 edition. Group-based assignment is supported for Security groups, Microsoft 365 groups, and Distribution groups whose SecurityEnabled setting is set to True only. https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal
E. Group1 and Group3
Group-based assignment requires Microsoft Entra ID P1 or P2 edition. Group-based assignment is supported for Security groups and Microsoft 365 groups whose SecurityEnabled setting is set to True only. Nested group memberships aren't currently supported.
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal
Group-based assignment requires Microsoft Entra ID P1 or P2 edition. Group-based assignment is supported for security groups and Microsoft 365 groups whose SecurityEnabled setting is set to True only. Nested group memberships aren't currently supported.
Answer D
I tested and if you create M365 Group from Admin Centre, then I wasn't able to add it to the Enterprise application. If you create it from Azure portal you would be able to add it.
You don't know where the M365 group was created, so it is better to play a safe bet going with Security group and mail-enabled security group.
Answer is D (Group1 and Group4)
In Azure AD, you can only assign Security groups and Mail-enabled Security groups to an enterprise application. These types of groups have the necessary permissions for assigning to applications. Distribution groups and Microsoft 365 groups are used for different purposes like email communication and collaboration, and lack the necessary permissions that are required for application assignment.
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal
In the "Assign a group" section, it mentions that "Any type of security group can be assigned to an application for the purposes of assigning users or groups to the app."
This clarifies that Security Groups, and by extension Mail-enabled Security groups, can be assigned to an application. It doesn't mention Distribution groups or Microsoft 365 groups, which are not generally used for managing security or application assignments.
Answer: E
Group-based assignment requires Microsoft Entra ID P1 or P2 edition. Group-based assignment is supported for Security groups and Microsoft 365 groups whose SecurityEnabled setting is set to True only. Nested group memberships aren't currently supported.
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/assign-user-or-group-access-portal?pivots=portal
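The attributes the comments argue over can be read directly from the Microsoft Graph group object. The following is an added example, not part of any comment above or of Microsoft's documentation: it classifies constructed group records by `groupTypes`, `mailEnabled` and `securityEnabled` and applies the documentation sentence quoted in the thread. The sample group names and the status labels are assumptions made for illustration.

```python
# Added example: sort Microsoft Graph group objects by the attributes debated above.
# SAMPLE_GROUPS is constructed; real values come from
# GET /groups?$select=displayName,groupTypes,mailEnabled,securityEnabled
SAMPLE_GROUPS = [
    {"displayName": "sec-example", "groupTypes": [], "mailEnabled": False, "securityEnabled": True},
    {"displayName": "dl-example", "groupTypes": [], "mailEnabled": True, "securityEnabled": False},
    {"displayName": "m365-admin-center", "groupTypes": ["Unified"], "mailEnabled": True, "securityEnabled": False},
    {"displayName": "m365-entra-portal", "groupTypes": ["Unified"], "mailEnabled": True, "securityEnabled": True},
    {"displayName": "mesg-example", "groupTypes": [], "mailEnabled": True, "securityEnabled": True},
]


def group_kind(group):
    """Derive the group type from groupTypes, mailEnabled and securityEnabled."""
    types = group.get("groupTypes") or []
    mail = bool(group.get("mailEnabled"))
    sec = bool(group.get("securityEnabled"))
    if "Unified" in types:          # "Unified" marks a Microsoft 365 group
        return "microsoft365"
    if sec:
        return "mail_enabled_security" if mail else "security"
    return "distribution" if mail else "unknown"


def assignment_status(group):
    """Apply the documentation sentence quoted in the thread; not a tenant test."""
    if not group.get("securityEnabled"):
        return "not_security_enabled"
    if group_kind(group) in ("security", "microsoft365"):
        return "named_in_quoted_docs"
    # securityEnabled is True but the quoted sentence does not name this type;
    # commenters report conflicting test results, so flag it for manual review.
    return "security_enabled_not_named"


def audit(groups):
    """Return {displayName: (kind, status)} for a list of Graph group dicts."""
    return {g["displayName"]: (group_kind(g), assignment_status(g)) for g in groups}


if __name__ == "__main__":
    for name, (kind, status) in audit(SAMPLE_GROUPS).items():
        print(f"{name:20} {kind:22} {status}")
```

Running it against an export of a tenant's groups shows which Microsoft 365 groups carry `securityEnabled: false` and would fall outside the quoted documentation sentence.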