You manage the on-premises and cloud for a company. Employees use Microsoft Office 365 to collaborate and
manage product development. They authenticate to Azure Active Directory (Azure AD) to access all onpremises and cloud-based resources.
You must grant employees access to several custom-built applications.
You need to ensure that you can automatically add or remove employee access to Office 365 based on
employee group memberships or attributes.
What should you use?
A.
Active Directory Configuration
B.
Advanced Rules for an Active Directory Group.
C.
Application Access to Active Directory
D.
The Users group in Active Directory
Shouldn’t this be Dynamic group membership?
0
0
We suppose Azure AD Connect is implemented since the users are accessing on-prem and on-cloud (o365)resources.
So I would go for D
3
0
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-groups-dynamic-membership-azure-portal
In Azure Active Directory (Azure AD), you can create advanced rules to enable complex attribute-based dynamic memberships for groups. This article details the attributes and syntax to create dynamic membership rules for users or devices. You can set up a rule for dynamic membership on security groups or Office 365 groups.
When any attributes of a user or device change, the system evaluates all dynamic group rules in a directory to see if the change would trigger any group adds or removes. If a user or device satisfies a rule on a group, they are added as a member of that group. If they no longer satisfy the rule, they are removed.
3
0