Topic 4: Misc. Questions
Your company has a Microsoft 365 tenant.
All users have computers that run Windows 10 and are joined to the Azure Active Directory
(Azure AD) tenant.
The company subscribes to a third-party cloud service named Service1. Service1 supports
Azure AD authentication and authorization based on OAuth. Service1 is published to the
Azure AD gallery.
You need to recommend a solution to ensure that the users can connect to Service1
without being prompted for authentication. The solution must ensure that the users can
access Service1 only from Azure AD-joined computers. The solution must minimize
administrative effort.
What should you recommend for each requirement? To answer, select the appropriate
options in the answer area.
NOTE: Each correct selection is worth one point.
You have a Microsoft 365 subscription that contains a user named User1.
You need to ensure that User1 can create access reviews for Azure AD roles. The solution
must use the principle of least privilege.
Which role should you assign to User1?
A. Privileged role administrator
B. Identity Governance administrator
C. User administrator
D. User Access Administrator
You have an Azure subscription that contains the users shown in the following table.
You need to implement Azure AD Privileged Identity Management (PIM).
Which users can use PIM to activate their role permissions?
A. Admin1 only
B. Admin2 only
C. Admin3 only
D. Admin1 and Admin2 only
E. Admin2 and Admin3 only
F. Admin1, Admin2, and Admin3
You have an Azure AD tenant that contains the users shown in the following table.

A. User1 only
B. User2 only
C. User3 only
D. User1 and User2 only
E. User1 and User3 only
F. User1, User2, and User3
Note: This question is part of a series of questions that present the same scenario.
Each question in the series contains a unique solution that might meet the stated
goals. Some question sets might have more than one correct solution, while others
might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a
result, these questions will not appear in the review screen.
You use Azure Monitor to analyze Azure Active Directory (Azure AD) activity logs.
You receive more than 100 email alerts each day for failed Azure AD user sign-in attempts.
You need to ensure that a new security administrator receives the alerts instead of you.
Solution: From Azure AD, you modify the Diagnostics settings.
Does this meet the goal?
A. Yes
B. No
You have a Microsoft 365 E5 subscription. You need to ensure that users are prompted to accept a custom terms of use (ToU) agreement when they sign in to the subscription. What should you configure?
A. an access package
B. a Conditional Access policy
C. a lifecycle workflow
D. an authentication method
You have a new Microsoft 365 tenant that uses a domain name of
contoso.onmicrosoft.com.
You register the name contoso.com with a domain registrar.
You need to use contoso.com as the default domain name for new Microsoft 365 users.
Which four actions should you perform in sequence? To answer, move the appropriate
actions from the list of actions to the answer area and arrange them in the correct order.
You have an Azure subscription that contains a virtual machine named VM1. VM1 has the
following configurations:
- Private IP address: 172.16.1.5
- Public IP address: 108.143.161.25
- System-assigned managed identity status: On
You need to configure App1 to request a managed identity app-only access token. Which IP address should App1 use for the request?
A. 108.143.161.25
B. 127.0.0.1
C. 169.254.169.254
D. 172.16.1.5
You plan to deploy a new Azure AD tenant.
Which multifactor authentication (MFA) method will be enabled by default for the tenant?
A. Microsoft Authenticator
B. SMS
C. voice call
D. email OTP
You have a Microsoft 365 E5 subscription.
You need to create a Microsoft Defender for Cloud Apps session policy.
What should you do first?
A. From the Microsoft Defender for Cloud Apps portal, select User monitoring.
B. From the Microsoft Defender for Cloud Apps portal, select App onboarding/maintenance.
C. From the Azure Active Directory admin center, create a Conditional Access policy.
D. From the Microsoft Defender for Cloud Apps portal, create a continuous report.