Which Azure service will he make use of?

The cloud administrator John was assigned a task to create a different subscription for each division of his organization. He has to ensure all the subscriptions are linked to a single Azure AD tenant and each subscription has identical role assignments.

Which Azure service will he make use of?
A . Azure AD Privileged Identity Management
B . Azure AD Multi-Factor Authentication
C . Azure AD Identity Protection
D . Azure AD Self-Service Password Reset

View Answer

Answer: A

Explanation:

To manage multiple subscriptions under a single Azure AD tenant with identical role assignments, Azure AD Privileged Identity Management (PIM) is the service that provides the necessary capabilities.

Link Subscriptions to Azure AD Tenant: John can link all the different subscriptions to the single Azure AD tenant to centralize identity management across the organization1.

Manage Role Assignments: With Azure AD PIM, John can manage, control, and monitor access within Azure AD, Azure, and other Microsoft Online Services like Office 365 or Microsoft 3652.

Identical Role Assignments: Azure AD PIM allows John to configure role assignments that are consistent across all subscriptions. He can assign roles to users, groups, service principals, or managed identities at a particular scope3.

Role Activation and Review: John can require approval to activate privileged roles, enforce just-in-time privileged access, require reason for activating any role, and review access rights2.

Reference: Azure AD PIM is a feature of Azure AD that helps organizations manage, control, and monitor access within their Azure environment. It is particularly useful for scenarios where there are multiple subscriptions and a need to maintain consistent role assignments across them23.