Microsoft Azure Architect Design (AZ-304) Practice Test

What should you do if you need to revoke access permissions automatically for developers after a month if no verification is received?

• A. Create a custom role assignment in Azure AD
• B. Set up an email notification to the developers
• C. Implement Azure Automation to manage revocation
• D. Use Azure Security Center for compliance tracking

The correct answer is: Implement Azure Automation to manage revocation

Implementing Azure Automation to manage the revocation of access permissions is a viable solution when there's a need to automate processes based on specific criteria, such as time periods. In this scenario, since you want to automatically revoke access permissions for developers after a month without receiving verification, Azure Automation can be utilized to create workflows that monitor the permissions assigned to developers. You can set up a runbook that checks for the verification status and the timestamp of the permissions granted. If the verification is not received after a month, the runbook can trigger the necessary actions to revoke access automatically. This automation ensures consistent enforcement of your access policies without requiring manual intervention, thus improving efficiency and compliance. In contrast, creating a custom role assignment in Azure AD would simply define roles and permissions but would not automate the revocation process. Setting up an email notification would alert developers but wouldn't affect their access status, merely serving as a reminder. Using Azure Security Center for compliance tracking provides a general overview of security posture and could help in auditing but does not directly automate the revocation process. Therefore, Azure Automation is the most fitting choice for this requirement.