Question

You have an Azure Active Directory (Azure AD) tenant named and an Azure subscription named DTSub1. You enable Azure AD Privileged Identity Management. You need to secure the members of the Site Recovery Contributor role. The solution must ensure the administrators request access when they create labs. What should you do first?

Answer 1

To secure the members of the Site Recovery Contributor role using Azure AD Privileged Identity Management, first configure the role to require eligible members to request activation when they need to create labs.

Step-by-step explanation:

The first step in securing members of the Site Recovery Contributor role within Azure AD Privileged Identity Management (PIM) is to configure the role settings to require eligible members to request activation. Since you need to ensure administrators request access when they create labs, you would go to the Azure AD PIM in the Azure portal, find the Site Recovery Contributor role, and then adjust its settings to enforce on-demand activation.

You would specify the duration for the role assignment and require an approval process if necessary. This change ensures that administrators can assume the role only when needed and with proper justification, hence reducing the risk of misuse of privileges.