Question

Your company has multiple departments and one azure subscription. the user accounts for all employees are in the same microsoft entra tenant. you need to delegate permissions for the users in a single department only. what should you use to organize the user accounts?

A. Administrative Unit
B. Security Group
C. Resource Group
D. Workspace

Answer 1

To delegate permissions for the users in a single department on Microsoft Entra, you should use an Administrative Unit. This feature allows for localized management of users and specific departmental permissions without impacting other areas of the organization.

Step-by-step explanation:

To delegate permissions for the users in a single department using Microsoft Entra (formerly Azure Active Directory), you should use an Administrative Unit. Administrative Units are containers within Azure AD that enable fine-grained delegation of administrative roles and allow for more localized administration of users. With an Administrative Unit, you can grant department-specific permissions without affecting other departments or the entire tenant.

While a Security Group is often used for granting access to resources, they aren't meant to delegate administrative permissions. Resource Groups are used within Azure to manage resources, but do not apply to user account management. Finally, a Workspace is not a relevant concept in this context as it generally pertains to a grouping within an application or service for collaboration and is not used for Azure AD user management.

Answer 2

To delegate permissions for users in a specific department, an Administrative Unit should be used within the Microsoft Entra tenant. This approach allows for precise control and management over user permissions at the departmental level.

Step-by-step explanation:

To delegate permissions for users in a single department within a Microsoft Entra tenant, the best option would be to use an Administrative Unit. Administrative Units are designed to provide scoped administrative roles that are limited to specific users within an organization, making them ideal for delegating permissions on a departmental basis without affecting other departments or the entire organization.

An Administrative Unit allows you to group users and apply permissions to just that group, which can be incredibly useful in a company with multiple departments using a single Azure subscription. Security Groups and Resource Groups do not offer the same level of focused delegation for user accounts, and Workspaces are not directly related to user account organization within Microsoft services.