What is the least privilege solution to allow User1 to create managed identities in Azure?

Study for the Microsoft Azure Security Technologies (AZ-500) exam. Prepare with well-structured questions and detailed explanations. Enhance your understanding and improve your readiness for the certification exam!

Assigning User1 the Managed Identity Contributor role within a resource group is the least privilege solution for allowing the creation of managed identities in Azure. The Managed Identity Contributor role is specifically designed to permit users to create and manage managed identities for Azure resources. This role effectively provides the necessary permissions without granting excessive access to other resources or management capabilities within the Azure environment, aligning with the principle of least privilege.

The scope of this role assignment matters as much as the role itself; it focuses specifically on the management of identities rather than broader permissions that could affect the security and governance of Azure resources. By scoping the role assignment to a resource group, the permissions are limited so that User1 can only operate within that specific resource group, further strengthening the security posture by limiting exposure to other critical resources.

In contrast, the other options are either too broad in scope or unrelated to managing identities. For instance, roles such as Hybrid Identity Administrator and User Administrator cover a wide range of permissions over overall identity management or user account creation without focusing solely on managed identities. Therefore, the Managed Identity Contributor role is the most appropriate and most restricted option for the requirements stated in the question.
