Microsoft Azure Architect Design (AZ-304) Practice Test

What step should you take to verify the access permissions of external developers in Azure that requires minimal effort?

• A. Create an access policy in Azure AD
• B. Set up a monthly email listing access permissions to the application
• C. Implement an Azure Automation runbook to check permissions
• D. Create a custom role assignment for the application resources

The correct answer is: Set up a monthly email listing access permissions to the application

The choice of setting up a monthly email listing access permissions to the application can be seen as an effective option due to its low effort requirement. This method allows for the periodic review of access permissions without the need for complex configurations or automation. By simply generating a report of access permissions and distributing it via email, stakeholders can quickly assess who has access to the application and make informed decisions based on that information. While creating an access policy in Azure AD would ensure a structured and defined access management process, it typically involves more effort to set up, reflecting a higher administrative burden. Similarly, implementing an Azure Automation runbook would require scripting and ongoing maintenance, which is more labor-intensive. Creating a custom role assignment for application resources, while beneficial for fine-tuning access, demands a deeper understanding of roles and could lead to increased complexity in management. Thus, the process of sending a regular email report is simpler and takes minimal effort, providing a straightforward method to regularly verify access permissions without needing extensive system modification or ongoing management.