You have a Microsoft Exchange organization that uses an SMTP address space of contoso.com.
Several users use their contoso.com email address for self-service sign-up to Microsoft Entra.
You gain global administrator privileges to the Microsoft Entra tenant that contains the self-signed users.
You need to prevent the users from creating user accounts in the contoso.com Microsoft Entra tenant for self-service sign-up to Microsoft 365 services.
Which PowerShell cmdlet should you run?
According to the Microsoft SC-300 Study Guide and the Microsoft Learn module "Manage Microsoft Entra domains and custom domain names", when users perform self-service sign-up (email verified users) using a public domain such as contoso.com, Microsoft Entra creates a shadow tenant that you can later claim ownership of by verifying the DNS domain.
Once you become the Global Administrator of the verified tenant, you can control domain behavior, including blocking self-service sign-up using that domain. To disable further self-service creation of accounts for that domain, you must modify the domain configuration using the Update-MgDomain PowerShell cmdlet.
The Update-MgDomain cmdlet lets you change properties of the domain, such as IsDefault and IsVerified, and, crucially, block self-service sign-ups.
Example:
Update-MgDomain -DomainId contoso.com -IsAdminManaged:$true
This action prevents external or unverified users from using @contoso.com email addresses for new self-service sign-ups.
Other options like Update-MgPolicyAuthorizationPolicy, Update-MgPolicyPermissionGrantPolicyExclude, and Update-MgDomainFederationConfiguration are used for tenant-wide access, permission grants, or federated authentication but not to block self-service domain registration.
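The following is an added example, not part of the original answer: it wraps the command above in a function that reads the domain's state first, supports -WhatIf, and reads the value back after the change. It assumes the Microsoft.Graph PowerShell SDK is installed and the signed-in account is granted the Domain.ReadWrite.All scope; the function name Set-DomainAdminManaged is hypothetical.

```powershell
# Added example. Assumptions: Microsoft.Graph SDK installed, Domain.ReadWrite.All
# consented. Set-DomainAdminManaged is a hypothetical helper name.
function Set-DomainAdminManaged {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$DomainId   # e.g. contoso.com, the domain from the question
    )

    $props = 'Id', 'IsVerified', 'IsDefault', 'IsAdminManaged'

    # Read the current state first; this throws if the domain is not in the tenant.
    $before = Get-MgDomain -DomainId $DomainId -ErrorAction Stop
    Write-Host ("Before: verified={0} default={1} adminManaged={2}" -f `
        $before.IsVerified, $before.IsDefault, $before.IsAdminManaged)

    if (-not $before.IsVerified) {
        Write-Warning "$DomainId is not verified in this tenant; no change made."
        return
    }
    if ($before.IsAdminManaged) {
        Write-Host "$DomainId is already admin managed; nothing to change."
        return $before | Select-Object $props
    }

    # -WhatIf / -Confirm are honoured here, so the change can be previewed.
    if ($PSCmdlet.ShouldProcess($DomainId, 'Update-MgDomain -IsAdminManaged')) {
        Update-MgDomain -DomainId $DomainId -IsAdminManaged:$true -ErrorAction Stop
    }

    # Read the value back rather than trusting the absence of an error.
    Get-MgDomain -DomainId $DomainId -ErrorAction Stop | Select-Object $props
}

Connect-MgGraph -Scopes 'Domain.ReadWrite.All'
Set-DomainAdminManaged -DomainId 'contoso.com' -WhatIf   # preview only
Set-DomainAdminManaged -DomainId 'contoso.com'           # apply and show the result
```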