
Explanation
Step 1: Connect to the Azure Resource Manager (ARM) endpoint.
Compare to the steps in the note below. Use the administrator endpoint, https://adminmanagement.<region>.<domain>, because unregistering a guest directory is an operator action performed against the home directory; the user endpoint is only used later by the guest directory's own administrator.
Endpoint | URL
Azure Resource Manager (administrator) | adminmanagement.<region>.<fqdn>
Azure Resource Manager (user) | management.<region>.<fqdn>
Step 2: Run the Unregister-AzsGuestDirectoryTenant cmdlet against the administrator endpoint (this removes the guest directory from the home directory's list of accepted tenants).
Unregister a guest directory
If you no longer want to allow sign-ins to Azure Stack Hub services from a guest directory tenant, you can unregister the directory. As with registration, both sides must be configured: the operator removes the registration from the home Azure Stack Hub directory, and the guest directory's administrator removes the Azure Stack Hub applications that were registered in the guest directory. Performing only the operator step leaves those applications and their consents in place in the guest directory.
Configure guest directory
Step 3: Instruct the global administrator of fabrikam.com (the guest directory) to run the Unregister-AzsWithMyDirectoryTenant cmdlet against the user (tenant) Azure Resource Manager endpoint.
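The three steps above, carried through end to end as an added example. This is not code from the page, the Microsoft docs or the AzureStack-Tools project; it assumes the AzureStack-Tools repository is cloned to .\AzureStack-Tools (so the AzureStack.Identity module can be imported from its Identity folder), that fabrikam.com is the guest directory being decommissioned as in Step 3, and that the Unregister-* cmdlets take the same parameter names as the Register-* cmdlets shown in the note below. Part A is run by the Azure Stack Hub operator; Part B must be run separately by a global administrator of the guest directory.

```powershell
# Added example: unregistering a guest directory from Azure Stack Hub on both sides.
# Assumptions (not from the page): repo cloned to .\AzureStack-Tools; guest directory
# is fabrikam.com; Unregister-* parameters mirror the Register-* cmdlets.

# --- Part A: Azure Stack Hub operator, home directory side (Steps 1 and 2) ---
Import-Module .\AzureStack-Tools\Identity\AzureStack.Identity.psm1

# Step 1: the operator talks to the ADMINISTRATOR ARM endpoint, not the user one.
$adminARMEndpoint = "https://adminmanagement.<region>.<domain>"
# Home directory that Azure Stack Hub itself is registered to.
$azureStackDirectoryTenant = "<homeDirectoryTenant>.onmicrosoft.com"
# Guest directory whose users and service principals should no longer be able to sign in.
$guestDirectoryTenantToBeDecommissioned = "fabrikam.com"
$location = "local"

# Step 2: remove the guest directory from the home directory's accepted tenants.
Unregister-AzsGuestDirectoryTenant -AdminResourceManagerEndpoint $adminARMEndpoint `
    -DirectoryTenantName $azureStackDirectoryTenant `
    -GuestDirectoryTenantName $guestDirectoryTenantToBeDecommissioned `
    -ResourceGroupName "system.local" `
    -Location $location

# --- Part B: global administrator of fabrikam.com, guest directory side (Step 3) ---
# Run in a session signed in to the GUEST directory, against the USER (tenant) ARM endpoint.
$tenantARMEndpoint = "https://management.<region>.<domain>"
$guestDirectoryTenantName = "fabrikam.com"

# Step 3: remove the Azure Stack Hub applications that Register-AzsWithMyDirectoryTenant
# created in the guest directory; without this, the registrations and consents remain.
Unregister-AzsWithMyDirectoryTenant -TenantResourceManagerEndpoint $tenantARMEndpoint `
    -DirectoryTenantName $guestDirectoryTenantName
```

The two parts deliberately use different endpoints and different credentials: Part A needs an Azure Stack Hub operator account on adminmanagement, Part B needs a global administrator of the guest directory on management. Do Part A first so that the guest directory's users lose access immediately, then have the guest administrator complete Part B to clean up the application registrations left behind in that directory.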
Note: Enabling AAD Multi-Tenancy in Azure Stack
Multi-tenancy allows users and service principals from multiple AAD directory tenants to sign in and create resources on Azure Stack. Two personas are involved in implementing this scenario:
1. The administrator of the Azure Stack installation
2. The directory tenant administrator of the directory that needs to be onboarded to Azure Stack
Azure Stack Administrator
Step 1: Onboard the Guest Directory Tenant to Azure Stack
This step lets Azure Resource Manager know that it can accept users and service principals from the guest directory tenant.
# Requires the AzureStack.Identity module (Identity folder of AzureStack-Tools) to be imported first.
$adminARMEndpoint = "https://adminmanagement.<region>.<domain>"   # administrator ARM endpoint
$azureStackDirectoryTenant = "<homeDirectoryTenant>.onmicrosoft.com"   # the primary (home) tenant Azure Stack is registered to
$guestDirectoryTenantToBeOnboarded = "<guestDirectoryTenant>.onmicrosoft.com"   # the new tenant that needs to be onboarded to Azure Stack
$location = "local"

Register-AzsGuestDirectoryTenant -AdminResourceManagerEndpoint $adminARMEndpoint `
    -DirectoryTenantName $azureStackDirectoryTenant `
    -GuestDirectoryTenantName $guestDirectoryTenantToBeOnboarded `
    -ResourceGroupName "system.local" `
    -Location $location
With this step, the work of the Azure Stack administrator is done.
Guest Directory Tenant Administrator
Step 2: Registering Azure Stack applications with the Guest Directory
Execute the following cmdlet as the administrator of the directory that needs to be onboarded, replacing $guestDirectoryTenantName with your directory domain name. Note that this side uses the user (tenant) ARM endpoint, not the administrator endpoint.
$tenantARMEndpoint = "https://management.<region>.<domain>"   # user (tenant) ARM endpoint
$guestDirectoryTenantName = "<guestDirectoryTenant>.onmicrosoft.com"   # the new tenant that needs to be onboarded to Azure Stack

Register-AzsWithMyDirectoryTenant -TenantResourceManagerEndpoint $tenantARMEndpoint `
    -DirectoryTenantName $guestDirectoryTenantName
Reference:
https://learn.microsoft.com/en-us/azure-stack/operator/enable-multitenancy
https://github.com/Azure/AzureStack-Tools/blob/master/Identity/README.md