Microsoft Azure Architect Design (AZ-301) Practice Exam

Which solution is suitable for identifying inactive administrative accounts in Azure AD?

• A. Azure AD Privileged Identity Management
• B. Azure Active Directory Identity Protection
• C. Azure Monitor Logs
• D. Azure Advisor

The correct answer is: Azure AD Privileged Identity Management

The correct solution for identifying inactive administrative accounts in Azure AD is Azure AD Privileged Identity Management (PIM). PIM is specifically designed to manage, control, and monitor access within Azure Active Directory (Azure AD). It includes capabilities to enable just-in-time access for administrative roles, and it also helps organizations meet the principle of least privilege by ensuring that administrative accounts are only active when needed. One of the key features of PIM is its ability to track and review the usage of privileged accounts, which can help identify accounts that have not been used over a specific period. This functionality plays a critical role in maintaining security by allowing administrators to spot and take action on inactive accounts that may pose a security risk if left unchecked. Other options, while valuable for different aspects of Azure management, do not specifically focus on identifying inactive administrative accounts. Azure Active Directory Identity Protection primarily deals with risk detection and conditional access policies to protect users from identity compromises. Azure Monitor Logs provide insights into operational data and monitoring performance but are not tailored for identifying inactive accounts. Azure Advisor offers personalized best practices for Azure services but does not drill down into the specifics of account activity or status.