Microsoft Azure Security Technologies (AZ-500)

Which method ensures a user from an external domain can access resources in Azure AD without creating a new user account?

• A. Add a custom domain to the Azure AD tenant
• B. Create an invitation for the user
• C. Grant access using security groups
• D. Enable self-service sign up for external users

The correct answer is: Create an invitation for the user

The correct choice involves creating an invitation for the user, which is a feature of Azure Active Directory (Azure AD) that facilitates the inclusion of external users. This method leverages the Azure AD B2B (Business to Business) collaboration capabilities, allowing organizations to securely share their applications and services with guest users from any domain while maintaining control over their own data. When an organization invites an external user, the user receives an email with an invitation link. Accepting the invitation enables the user to access the resources without needing a new user account to be manually created within the Azure AD tenant. This is particularly advantageous for scenarios involving partners, suppliers, and customers, as it streamlines collaboration while safeguarding the security and integrity of the organization’s resources. In contrast, adding a custom domain to the Azure AD tenant does not directly provide access to external users, as it typically relates to organizational branding and identity management rather than facilitating guest access. Granting access using security groups usually requires the user to already exist in the directory, thus not applicable for external users without prior account creation. Enabling self-service sign up for external users does allow external users to register, but this method still involves creating a new user account in Azure AD once they sign up, differing from the