Microsoft Azure Architect Design (AZ-301) Practice Exam

What is the appropriate solution to grant temporary permissions to developers for starting or stopping Azure virtual machines?

• A. Conditional access policy
• B. Privileged Identity Management for Azure resources
• C. Just-in-time VM access
• D. Azure AD Free license

The correct answer is: Privileged Identity Management for Azure resources

The appropriate solution for granting temporary permissions to developers for managing Azure virtual machines is Privileged Identity Management (PIM) for Azure resources. PIM enables organizations to control access to important resources by providing just-in-time access, meaning that users can activate roles only when they need them, rather than having permanent permissions. This is crucial for adhering to the principle of least privilege, which minimizes the risk of unauthorized access or unintentional changes to resources. With PIM, developers can request temporary access to roles that allow them to start or stop virtual machines, and these permissions can be configured to automatically expire after a specified duration. This allows for a more secure and compliant environment, where permissions are granted only as necessary and only for a specific period. Additionally, PIM provides robust auditing capabilities, allowing organizations to keep track of who has had elevated privileges and when, offering enhanced oversight. Other options are less suitable for this specific requirement. Conditional access policies focus on managing user access based on conditions and criteria rather than granting temporary permissions. Just-in-time VM access is designed to help secure virtual machines by allowing access only when needed, but it is not specifically aimed at managing detailed role-based access permissions like PIM does. Azure AD Free licenses provide basic directory services but