AZ-305 · Question 08 · Domain 1.2: Authentication and Authorization
An enterprise has 50 Azure subscriptions organized under a Management Group hierarchy.
The security policy dictates that no user should have standing (permanent) administrative access to any subscription. When developers need 'Contributor' access to troubleshoot production issues, they must request it. The request must require justification, be approved by a manager, and automatically expire after 4 hours.
You need to design a solution to meet these requirements with the least administrative effort.
What should you recommend?
Answer options:
Implement Microsoft Entra Privileged Identity Management (PIM) and configure role settings for the Contributor role at the Management Group level.
Create a custom Azure Automation runbook that grants Contributor access when triggered by a ServiceNow ticket, and removes it after 4 hours.
Implement Azure AD Entitlement Management and create an Access Package containing the Contributor role for each of the 50 subscriptions.
Configure Microsoft Defender for Cloud Just-In-Time (JIT) VM access for all virtual machines.