Free Microsoft PL-600 Actual Exam Questions - Question 11 Discussion
Employee user accounts are in multiple Azure AD tenants and are not located in the tenant that is
running the app.
Employees must be added as Azure AD guest accounts within the tenant that will be running the app.
Employees must access the model-driven app by being a member of a security team. The security
team has been assigned the Employee Security role. Employees must create personal views of
records to view within the system.
You need to implement a security solution.
Which privilege should you use?
A/C? The question points out that employees need to be members of a security team with the Employee Security role, so option C feels right for managing that team membership and role assignment. But creating personal views usually requires at least basic privileges, so maybe A (Direct basic level) is necessary to cover that part. Just relying on team membership (C) might not be enough if that role doesn’t include the privilege to create personal views.
Maybe C since the security team membership is crucial for access control here.
It’s C because the question specifically says employees must be in a security team, so managing privileges through the team makes the most sense rather than just relying on Azure AD groups or direct privileges.
It’s A because the employees need to create personal views, which requires the Basic level privilege. Teams and groups help with membership but don’t grant that specific app privilege.
Maybe B here since the employees come from different Azure AD tenants, using an Azure AD security group might simplify managing access across tenants.