Microsoft SC-300 Exam (page: 10)
Microsoft Identity and Access Administrator
Updated on: 09-Feb-2026

You have an Azure AD tenant that contains a user named User1 and a Microsoft 365 group named Group1. User1 is the owner of Group1.
You need to ensure that User1 is notified every three months to validate the guest membership of Group1.
What should you do?

HOTSPOT (Drag and Drop is not supported)
You have a Microsoft Entra tenant that contains a group named Group3 and an administrative unit named Department1.
Department1 has the users shown in the Users exhibit. (Click the Users tab.)
Department1 has the groups shown in the Groups exhibit. (Click the Groups tab.)
The User Administrator role assignments are shown in the Assignments exhibit (Click the Assignments tab.)
The members of Group2 are shown in the Group2 exhibit. (Click the Group2 tab.)
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

HOTSPOT (Drag and Drop is not supported)
Your network contains an on-premises Active Directory Domain Services (AD DS) domain named fabrikam.com. The domain contains an Active Directory Federation Services (AD FS) instance and a member server named Server1 that runs Windows Server. The domain contains the users shown in the following table.
You have a Microsoft Entra tenant named contoso.com that is linked to a Microsoft 365 subscription.
You establish federation between fabrikam.com and contoso.com by using a Microsoft Entra Connect instance that is configured as shown in the following exhibit.
You perform the following tasks in contoso.com:
• Create a group named Group1.
• Disable User2.
• Enable User3.
For each of the following statements, select Yes if the statement is true. Otherwise, select No.
NOTE: Each correct selection is worth one point.

HOTSPOT (Drag and Drop is not supported)
You have a Microsoft Entra tenant that has a Microsoft Entra ID P2 service plan. The tenant contains the users shown in the following table.
You have the Device settings shown in the following exhibit.
User1 has the devices shown in the following table.
For each of the following statements, select Yes if the statement is true. Otherwise. select No.
NOTE: Each correct selection is worth one point.

You have an Azure subscription named Sub1 that contains a user named User1.
You need to ensure that User1 can purchase a Microsoft Entra Permissions Management license for Sub1. The solution must follow the principle of least privilege.
Which role should you assign to User1?

You have an Azure subscription that contains a user named User1 and two resource groups named RG1 and RG2.
You need to ensure that User1 can perform the following tasks:
• View all resources.
• Restart virtual machines.
• Create virtual machines in RG1 only.
• Create storage accounts in RG1 only.
What is the minimum number of role-based access control (RBAC) role assignments required?

You work for a company named Contoso, Ltd. that has a Microsoft Entra tenant named contoso.com.
Contoso is working on a project with the following two partner companies:
• A company named A. Datum Corporation that has a Microsoft Entra tenant named adatum.com.
• A company named Fabrikam, Inc. that has a Microsoft Entra tenant named fabrikam.com.
When you attempt to invite a new guest user from adatum.com to contoso.com, you receive an error message.
You can successfully invite a new guest user from fabnkam.com to contoso.com.
You need to be able to invite new guest users from adatum.com to contoso.com.
What should you configure?

You have an Azure subscription that contains a user-assigned managed identity named Managed1 in the East US Azure region. The subscription contains the resources shown in the following table.
Which resources can use Managed1 as their identity?