You have an Azure subscription that contains a custom application named Application1. Application1 was developed by an external company named Fabrikam, Ltd. Developers at Fabrikam were assigned role-based access control (RBAC) permissions to the Application1 components. All users are licensed for the Microsoft 365 E5 plan.
You need to recommend a solution to verify whether the Fabrikam developers still require permissions to Application1. The solution must meet the following requirements:
the manager of the developers, send a monthly email message that lists the access permissions to Application1.
If the manager does not verify an access permission, automatically revoke that permission.
Minimize development effort.
What should you recommend?
- A: Create an Azure Automation runbook that runs the Get-AzureADUserAppRoleAssignment cmdlet.
- B: Create an Azure Automation runbook that runs the Get-AzRoleAssignment cmdlet.
- C: In Azure Active Directory (Azure AD), create an access review of Application1.
- D: In Azure Active Directory (AD) Privileged Identity Management, create a custom role assignment for the Application1 resources.