exam questions

Exam SC-300 All Questions

View all questions & answers for the SC-300 exam

Exam SC-300 topic 2 question 48 discussion

Actual exam question from Microsoft's SC-300
Question #: 48
Topic #: 2
[All SC-300 Questions]

DRAG DROP
-

You have a Microsoft 365 E5 subscription and an Azure subscription.

You need to meet the following requirements:

• Ensure that users can sign in to Azure virtual machines by using their Microsoft 365 credentials.
• Delegate the ability to create new virtual machines.

What should you use for each requirement? To answer, drag the appropriate features to the correct requirements. Each feature may be used once, more than once, or not at all. You may need to drag the split bar between panes or scroll to view content.

NOTE: Each correct selection is worth one point.

Show Suggested Answer Hide Answer
Suggested Answer:

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
dobriv
Highly Voted 1 year, 10 months ago
There is no Azure AD built in role, which can create virtual machine. Only some Azure built in roles can do it. So I vote for both Azure RBAC.
upvoted 21 times
...
mancio
Highly Voted 1 year, 10 months ago
1. Azure RBAC https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#configure-role-assignments-for-the-vm 2. Azure Built in Roles https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#classic-virtual-machine-contributor
upvoted 7 times
Nail
4 months, 3 weeks ago
Careful. Option 2 is really just Azure RBAC as well. The link for Azure AD built-in roles is this: https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/permissions-reference BUT, the answer is Azure RBAC for BOTH.
upvoted 1 times
...
Hull
1 year, 7 months ago
Careful, the provided option is Azure AD built-in roles, not Azure built-in roles. If it was only Azure, I'd agree, but given that it's Azure AD, both should be RBAC.
upvoted 3 times
...
...
d1e85d9
Most Recent 3 days, 3 hours ago
Given answers are correct.
upvoted 1 times
...
Rackup
1 week, 3 days ago
A quick way to see why both requirements use Azure RBAC is to remember that: Letting users sign in to an Azure VM with their M365 (Entra) credentials requires assigning them either the Virtual Machine Administrator Login or Virtual Machine User Login role at the VM (or resource group/subscription) scope. Those roles are part of Azure role‐based access control (RBAC), not Azure AD built‐in roles or managed identities. Delegating VM creation is also an Azure RBAC task, typically by assigning a built‐in role such as “Contributor” or “Virtual Machine Contributor” on the desired scope. Therefore, both “Allow users to sign in to Azure VMs with Microsoft 365 credentials” and “Delegate the ability to create new VMs” are accomplished via Azure RBAC.
upvoted 1 times
...
RemmyT
9 months, 1 week ago
RBAC : Virtual Machine User Login RBAC : VM Contributor
upvoted 1 times
...
emartiy
11 months, 3 weeks ago
Both are Azure role-basd access control (RBAC) https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#role-based-access-control-administrator-preview
upvoted 1 times
emartiy
11 months, 3 weeks ago
What is the difference between Azure roles and Azure AD roles? 1 Answer. Assigned roles are Azure AD administrator roles, for accessing Azure AD and other Microsoft 365 platforms such as Exchange and SharePoint. Azure role assignments (may also be referred to as Azure RBAC roles) are for accessing Azure resources such as virtual machines, storage accounts, subscriptions, etc.11 Kas 2022
upvoted 1 times
...
...
Foggy31
1 year, 5 months ago
Both RBAC There is no Azure AD build in roles to delegate creation of VM's that's in Azure built in Roles (without AD ;) )
upvoted 1 times
...
stack120566
1 year, 10 months ago
In order to log on with 365 creds. The computers must be ad joined. in turn This implies device administrator role. < Azure -AD -devices- device settings - device administrators > 1= active directory role 2. custom RBAC role fashioned upon the vm contributor role
upvoted 3 times
...
f2bf85a
1 year, 11 months ago
1. Azure RBAC https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#configure-role-assignments-for-the-vm
upvoted 1 times
...
ThotSlayer69
2 years, 1 month ago
Delegation is handled via using the built-in roles in the Azure Virtual Desktop RBAC, very confusing but that means it's not built-in AD roles, so I'd say they're both Azure RBAC
upvoted 4 times
Zak366
2 years ago
You are right, to shed light on first options, following the links for azure role assignments, you can see in instructions the "Role: Virtual Machine User Login" from portal.azure.com>ResourceGroup (that contains VM)>IAM>add role, once this role is selected, you can assign members within tenant that are O365 users (technically)
upvoted 1 times
...
...
oscarpopi
2 years, 1 month ago
Given answer is correct. 1. Azure RBAC https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#configure-role-assignments-for-the-vm 2. Azure Built in Roles https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles
upvoted 2 times
Techfall
2 years, 1 month ago
Azure Built in Roles is not one of the options. It shows Azure _AD_ Built in Roles: https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference
upvoted 3 times
...
...
Halwagy
2 years, 1 month ago
Azure AD managed Identities Azure Role-based access control
upvoted 5 times
Halwagy
2 years, 1 month ago
My mistake, both of them is Azure Role-based access control https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows#configure-role-assignments-for-the-vm
upvoted 13 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago