Microsoft Azure Architect Design (AZ-301) Practice Exam

What solution should you recommend to ensure that group owners are emailed monthly about their group memberships in Azure AD?

• A. Azure AD Identify Protection
• B. Tenant Restrictions
• C. Azure AD access reviews
• D. Conditional access policies

The correct answer is: Azure AD access reviews

Recommending Azure AD access reviews is the right solution for ensuring that group owners receive monthly emails regarding their group memberships in Azure Active Directory (Azure AD). Access reviews allow administrators to review and manage user access to groups, applications, and other resources within Azure AD effectively. When setting up access reviews, administrators can define review frequency—monthly in this case—thereby generating automated notifications for group owners about their group's membership. This not only helps in maintaining proper access governance but also ensures that group owners have the latest information on who belongs to their groups and can make informed decisions regarding access rights. Moreover, Azure AD access reviews facilitate compliance and security by allowing group owners to verify that the right users have access and that those who no longer need access can be removed in a timely manner. This process inherently includes communication with group owners, aligning perfectly with the requirement for monthly updates via email. The other options do not provide the same targeted solution for monitoring and reporting group membership. For instance, Azure AD Identity Protection focuses more on risk management and user risk evaluation rather than group membership. Tenant Restrictions are used to set policies regarding where applications can be accessed but do not manage group memberships. Conditional access policies are about controlling how and when users comply with security