Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. Microsoft
  5. AZ-104

Microsoft AZ-104 Exam
Microsoft Azure Administrator (Page 8 )

Updated On: 12-Jan-2026
Page 8 of 110
PDF with 553 Questions

You have an Azure subscription linked to a Microsoft Entra tenant. The tenant includes a user account named User1.
You need to ensure that User1 can assign a policy to the tenant root management group. What should you do?

  1. Assign the Owner role for the Azure Subscription to User1, and then modify the default conditional access policies.
  2. Assign the Owner role for the Azure subscription to User1, and then instruct User1 to configure access management for Azure resources.
  3. Assign the Global administrator role to User1, and then instruct User1 to configure access management for Azure resources.
  4. Create a new management group and delegate User1 as the owner of the new management group.

Answer(s): C

Explanation:

The following chart shows the list of roles and the supported actions on management groups.


Note:
Each directory is given a single top-level management group called the "Root" management group. This root management group is built into the hierarchy to have all management groups and subscriptions fold up to it. This root management group allows for global policies and Azure role assignments to be applied at the directory level. The Microsoft Entra Global Administrator needs to elevate themselves to the User Access Administrator role of this root group initially. After elevating access, the administrator can assign any Azure role to other directory users or groups to manage the hierarchy. As administrator, you can assign your own account as owner of the root management group.


Reference:

https://docs.microsoft.com/en-us/azure/governance/management-groups/overview



HOTSPOT (Drag and Drop is not supported)
You have a Microsoft Entra tenant named adatum.com. Adatum.com contains the groups in the following table.


You create two user accounts that are configured as shown in the following table.


Of which groups are User1 and User2 members? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: Group 1 only First rule applies
Box 2: Group1 and Group2 only Both membership rules apply.


Reference:

https://docs.microsoft.com/en-us/sccm/core/clients/manage/collections/create-collections



HOTSPOT (Drag and Drop is not supported)
You have a hybrid deployment of Microsoft Entra ID that contains the users shown in the following table.


You need to modify the JobTitle and UsageLocation attributes for the users.
For which users can you modify the attributes from Microsoft Entra ID? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Hot Area:

  1. See Explanation section for answer.

Answer(s): A

Explanation:



Box 1: User1 and User3 only
You must use Windows Server Active Directory to update the identity, contact info, or job info for users whose source of authority is Windows Server Active Directory.
Box 2: User1, User2, and User3 Reference:
https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-users-profile-azure-portal



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that a Microsoft Entra user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Network Contributor role at the subscription level to Admin1. Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.


Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq



Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You need to ensure that a Microsoft Entra user named Admin1 is assigned the required role to enable Traffic Analytics for an Azure subscription.
Solution: You assign the Owner role at the subscription level to Admin1. Does this meet the goal?

  1. Yes
  2. No

Answer(s): A

Explanation:

Your account must meet one of the following to enable traffic analytics:
Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.


Reference:

https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq



Viewing page 8 of 110
Viewing questions 36 - 40 out of 553 questions



Post your Comments and Discuss Microsoft AZ-104 exam prep with other Community members:

Join the AZ-104 Discussion