Learn about the capabilities of Azure AD global administrators in managing Azure subscriptions and resources. Prepare for the AZ-104 certification exam with this in-depth explanation.
Table of Contents
Question
You have an Azure Active Directory (Azure AD) tenant that contains three global administrators named Admin1, Admin2, and Admin3.
The tenant is associated to an Azure subscription. Access control for the subscription is configured as shown in the Access control exhibit. (Click the Access Control tab.)
You sign in to the Azure portal as Admin1 and configure the tenant as shown in the Tenant exhibit. (Click the Tenant tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.
Hot Area:
- Admin1 can add Admin2 as an owner of the subscription.
- Admin3 can add Admin2 as an owner of the subscription.
- Admin2 can create a resource group in the subscription.
Answer
- Admin1 can add Admin2 as an owner of the subscription: No
- Admin3 can add Admin2 as an owner of the subscription: No
- Admin2 can create a resource group in the subscription: No
Explanation
According to the information provided in the exhibits:
No, Admin1 cannot add Admin2 as an owner of the subscription.
Reason: While Admin1 has global administrator privileges in Azure AD, the “Access management for Azure resources” option is set to “No” for the Admin1 account in the tenant properties. This means Admin1 does not have permissions to manage access to Azure subscriptions and resources.
No, Admin3 cannot add Admin2 as an owner of the subscription.
Reason: Admin3 is not listed in the Access control exhibit, indicating that Admin3 does not have any role or permissions assigned at the subscription scope. As a global administrator, Admin3 would need to have the “Access management for Azure resources” option enabled (which is not shown) to be able to manage subscription access.
No, Admin2 cannot create a resource group in the subscription.
Reason: Based on the Access control exhibit, Admin2 has no roles assigned at the subscription scope. To create a resource group, Admin2 would need to have at least the Contributor role assigned on the subscription or have the “Access management for Azure resources” option enabled as a global administrator (which is not shown).
In summary, the Azure AD global administrator role alone does not grant permissions to manage Azure subscriptions and resources. The “Access management for Azure resources” setting must be enabled for a global administrator to have those capabilities. Additionally, specific roles like Owner or Contributor need to be assigned at the appropriate scopes (subscription or resource group) for users to perform management actions.
Microsoft AZ-104 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-104 exam and earn Microsoft AZ-104 certification.