Microsoft Exam AZ-800 Topic 7 Question 11 Discussion

Actual exam question for Microsoft's AZ-800 exam

Question #: 11
Topic #: 7

You have an Azure Active Directory Domain Services (Azure AD DS) domain named contoso.com.

You need to provide an administrator with the ability to manage Group Policy Objects (GPOs). The solution must use the principle of least privilege.

To which group should you add the administrator?

AAAD DC Administrators

BDomain Admins

CSchema Admins

DEnterprise Admins

EGroup Policy Creator Owners

Show Suggested Answer

Suggested Answer: B

Only the Domain Admins group and the Enterprise Admins group can fully manage GPOs. Members of the Group Policy Creator Owners group can create new GPOs but they can't link the GPOs to sites, the domain or OUs and they cannot manage existing GPOs.

by Ahmed at Jun 15, 2022, 11:23 AM

Limited Time Offer

25%

Off

Get Premium AZ-800 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

LukiDuc

2 years ago

Explanation would be good if we considered standard on-premise AD, but for AZURE AD DS MS article says: "To administer group policy in a managed domain, you must be signed in to a user account that's a member of the AAD DC Administrators group" (https://docs.microsoft.com/en-us/azure/active-directory-domain-services/manage-group-policy)

upvoted 1 times

...