Microsoft Azure Architect Design (AZ-304) Practice Test

The best way for Contoso to assign the Contributor role to Fabrikam developers in their Azure subscription is through Azure Role Assignment via the Azure Portal. This approach allows Contoso to grant specific permissions to users, groups, and service principals.

Using the Azure Portal for role assignments provides a straightforward interface for managing access control within Azure resources. When the Contributor role is assigned, it grants users the necessary permissions to manage resources in the subscription without the ability to grant access to others, effectively allowing them to manage resources while keeping security intact.

In contrast, while Azure AD roles manage access at a directory level, they do not inherently provide the granular role-based access needed for Azure resources specifically. Azure AD Connect primarily synchronizes identities with on-premises directories but is not used for direct role assignment in Azure. Azure AD B2B collaboration, although useful for allowing external users to access resources, does not directly facilitate role assignments within Azure subscriptions like the Role Assignment does through the Azure Portal.