Discover the essential role for enabling a user to implement Azure AD Privileged Identity Management (PIM) within your company’s Azure subscription. Learn how to grant the necessary permissions for effective PIM management.
Table of Contents
Question
Your company recently created an Azure subscription.
You have been tasked with making sure that a specified user is able to implement Azure AD Privileged Identity Management (PIM).
Which of the following is the role you should assign to the user?
A. The Global administrator role.
B. The Security administrator role.
C. The Password administrator role.
D. The Compliance administrator role.
Answer
A. The Global administrator role.
Explanation
To start using PIM in your directory, you must first enable PIM.
Sign in to the Azure portal as a Global Administrator of your directory.
You must be a Global Administrator with an organizational account (for example, @yourdomain.com), not a Microsoft account (for example, @outlook.com), to enable PIM for a directory.
Scenario: Technical requirements include: Enable Azure AD Privileged Identity Management (PIM) for contoso.com
To ensure that a specified user can implement Azure AD Privileged Identity Management (PIM) within your company’s Azure subscription, you should assign them the Global administrator role (Option A).
The Global administrator role is the highest-level role in Azure Active Directory and grants the user complete control over all administrative features. This role is essential for implementing and managing PIM, as it provides the necessary permissions to configure and oversee privileged access to your Azure resources.
Here’s why the other options are not suitable for this task:
B. The Security administrator role: While this role can manage security-related features, such as conditional access policies and identity protection, it does not have sufficient permissions to fully implement and manage PIM.
C. The Password administrator role: This role is focused on managing user passwords and does not have the necessary permissions to implement or manage PIM.
D. The Compliance administrator role: This role is responsible for managing compliance-related features, such as data loss prevention and information governance. It does not have the required permissions to implement or manage PIM.
In summary, to grant a user the ability to implement Azure AD Privileged Identity Management within your company’s Azure subscription, you should assign them the Global administrator role. This role provides the highest level of administrative control and ensures that the user has the necessary permissions to effectively manage PIM.
Microsoft AZ-500 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft AZ-500 exam and earn Microsoft AZ-500 certification.