Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Microsoft Exam AZ-800 Topic 7 Question 11 Discussion

Actual exam question for Microsoft's AZ-800 exam
Question #: 11
Topic #: 7
[All AZ-800 Questions]

You have an Azure Active Directory Domain Services (Azure AD DS) domain named

You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.

To which group should you add the administrator?

Show Suggested Answer Hide Answer
Suggested Answer: B

Only the Domain Admins group and the Enterprise Admins group can fully manage GPOs. Members of the Group Policy Creator Owners group can create new GPOs but they can't link the GPOs to sites, the domain or OUs and they cannot manage existing GPOs.

Contribute your Thoughts:

2 years ago
Explanation would be good if we considered standard on-premise AD, but for AZURE AD DS MS article says: "To administer group policy in a managed domain, you must be signed in to a user account that's a member of the AAD DC Administrators group" (
upvoted 1 times

Save Cancel