Your company recently implemented Azure Active Directory (Azure AD) Privileged Identity Management (PIM).
While you review the roles in PIM, you discover that all 15 users in the IT department at the company have permanent security administrator rights.
You need to ensure that the IT department users only have access to the Security administrator role when required.
What should you configure for the Security administrator role assignment?

A. Expire eligible assignments after from the Role settings details

B. Expire active assignments after from the Role settings details

C. Assignment type to Active

D. Assignment type to Eligible

Your network contains an on-premises Active Directory domain that syncs to an Azure Active Directory (Azure AD) tenant-
Users sign in to computers that run Windows 10 and are joined to the domain.
You plan to implement Azure AD Seamless Single Sign-On (Azure AD Seamless SSO).
You need to configure the computers for Azure AD Seamless SSO.
What should you do?

A. Enable Enterprise State Roaming

B. Configure Sign-in options

C. Install the Azure AD Connect Authentication Agent.

D. Modify the Intranet Zone settings.

You have an Azure Active Directory (Azure AD) tenant.
You configure self-service password reset (SSPR) by using the following settings:

• Require users to register when signing in: Yes
• Number of methods required to reset: 1

What is a valid authentication method available to users?

A. home prions

B. mobile app notification

C. a mobile app code

D. an email to an address in your organization

You have a Microsoft Entra tenant.
You need to ensure that only users from specific external domains can be invited as guests to the tenant.
Which settings should you configure?

A. Cross-tenant access settings

B. External collaboration settings

C. Linked subscriptions

D. All identity providers

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it as a result these questions will not appear in the review screen.
You have a Microsoft 365 E5 subscription.
You create a user named User1.
You need to ensure that User1 can update the status of identity Secure Score improvement actions.
Solution: You assign the User Administrator role to User1.
Does this meet the goal?

A. Yes

B. No

You have a Microsoft 365 tenant that uses the domain named fabrikam.com. The Guest invite settings for Azure Active Directory (Azure AD) are configured as shown in the exhibit. (Click the Exhibit tab.)

A. User2 only

B. User1 only

C. User1 and User2 only

D. User1, User2, and User3

You have a Microsoft Entra tenant that contains a user named User1.
An administrator deletes User1. You need to identify the following:

• What is the maximum number of days for which you have the option to restore the User1 account?
• Which is the least privileged role that can be used to restore User1?

To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.

You have an Azure subscription that contains a user named User1. The subscription is onboarded to Microsoft Entra Permissions Management. You need to provide User! with access to Permissions Management. The solution must meet the following requirements:

• Follow the principle of least privilege.
• Minimize administrative effort.

What should you do first?

A. From the Microsoft Entra admin center, create a security group.

B. From the Role/Policy Template subtab of Permissions Management, create a template

C. From the Microsoft Entra admin center, assign a role to User1.

D. From the My Requests subtab of Permissions Management, create a new request

You have a Microsoft Entra tenant.
You discover that a large number of new apps were added to the tenant.
You need to implement an approval process for new enterprise applications. What should you do?

A. From the Microsoft Defender portal, create a Cloud Discovery anomaly detection policy

B. From the Microsoft Entra admin center, configure the Admin consent settings

C. From the Microsoft Defender portal, configure an app connector

D. From the Microsoft Entra admin center, configure an access review

Your network contains an on-premises Active Directory Domain Services (AD DS) domain that syncs with Azure AD and contains the users shown in the following table.