Microsoft Azure Administrator Associate AZ-104 Practice Question
An organization with multiple departments wants to delegate password reset permissions to department-specific administrators so they can manage user passwords only within their own department. How can this be accomplished in Azure Entra ID?
Apply Conditional Access Policies to restrict password reset operations
Create security groups for each department and assign administrators to manage those groups
Assign roles to administrators scoped to users in each department using Administrative Units
Use Azure AD Privileged Identity Management to assign roles
Administrative units in Azure Entra ID allow you to delegate administrative permissions to specific subsets of users. By creating administrative units for each department and assigning roles scoped to those units, you can ensure that administrators have permissions only over users in their department. Azure AD Privileged Identity Management helps manage privileged roles but does not scope permissions to specific subsets of users. Conditional Access Policies control access conditions but do not delegate administrative permissions. Security groups are useful for grouping users but do not restrict administrative scope for role assignments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Administrative Units in Azure Entra ID?
Open an interactive chat with Bash
How do you create and manage Administrative Units in Azure Entra ID?
Open an interactive chat with Bash
What are the benefits of delegating password reset permissions using Administrative Units?
Open an interactive chat with Bash
Microsoft Azure Administrator Associate AZ-104
Manage Azure identities and governance
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access