Home › Azure AZ-104 › cloudcomputing › az104identitygovernance › Which approach satisfies a compliance requiremen…
Which approach satisfies a compliance requirement that admin-level activity on a critical Azure subscription must be reviewed and approved before becoming active?
ASharing the global admin password during incidents only
BEntra PIM with role activation requiring approver consent and an audit trail
CDisabling RBAC entirely on critical subscriptions
DRBAC role assigned permanently with no review process
Answer & Solution
Correct answer: B. Entra PIM with role activation requiring approver consent and an audit trail
Privileged Identity Management supports time-bound, approval-gated, auditable role activations — purpose-built for this requirement. The other options either grant standing privilege or remove auth.
Related questions
Which Entra ID feature lets you require additional verification for a user the moment theiAn organisation has 50 Azure subscriptions and wants to enforce policy and roll up billingWhich Azure construct lets you enforce a rule that "only resources tagged with a `cost-cenAn admin wants to give a contractor read-only access to ONE specific resource group for 30Which Azure feature lets administrators temporarily revoke all changes to a resource — proWhich Entra ID feature lets an organisation invite external users (partners, contractors) Which combination represents the correct Azure resource hierarchy from highest scope to loWhich Azure construct lets administrators enforce "all storage accounts must require HTTPS