Microsoft Azure Architect Design (AZ-301) Practice Exam

What is the recommended solution for adding external developers to the Contributor role in an Azure subscription?

• A. Create service accounts for the developers
• B. Create guest accounts in the Azure AD tenant
• C. Assign the role through Azure DevOps
• D. Invite developers to join Office 365 groups

The correct answer is: Create guest accounts in the Azure AD tenant

Creating guest accounts in the Azure Active Directory (Azure AD) tenant is the recommended solution for adding external developers to the Contributor role in an Azure subscription. This approach allows external developers to be securely integrated into the Azure environment while maintaining control over their access and permissions. When you create guest accounts, you can give these external users specific roles and permissions without needing to create separate service accounts or compromising the security of your system. This method also ensures that external collaborators adhere to the policies set within your Azure environment. By leveraging Azure AD, guest users can utilize their existing accounts from other services like Google or their work emails, which simplifies the onboarding process. Furthermore, integrating external users as guests within your Azure AD allows for better monitoring and governance of their activities, as access permissions can be managed and audited through Azure's role-based access control (RBAC) system. The accountability and traceability offered through guest accounts make this the best practice for collaborating with external developers. This solution stands out alongside the other options. For instance, creating service accounts could lead to unnecessary complexity and the need for additional account management, while assigning roles through Azure DevOps would not give external users the necessary access at the subscription level. Inviting developers to join Office 365 groups might not directly