What can you use to provide a user with a two-hour window to complete an administrative task in Azure?

Disable ads (and more) with a membership for a one time $4.99 payment

Study for the Microsoft SC-900 Exam. Master key concepts with targeted flashcards and multiple-choice questions, featuring hints and explanations. Get prepared and confident for success!

The ability to provide a user with a two-hour window to complete an administrative task in Azure is effectively managed through Azure Active Directory Privileged Identity Management (PIM). This feature allows organizations to enforce just-in-time access to Azure resources, which helps ensure that users only have elevated permissions when they absolutely need them.

By using PIM, administrators can assign users eligible roles that can be activated for specific time periods—such as the two-hour window mentioned in the scenario. This approach enhances security by minimizing the time that elevated permissions are active, thus reducing the risk of unauthorized actions or misuse of privileges. Upon activation, users may receive the necessary permissions to carry out their administrative tasks for the defined duration.

In the context of the other options, while Azure Multi-Factor Authentication enhances security by requiring additional verification, it does not control the timing or duration of access to tasks. Azure Active Directory Identity Protection primarily focuses on detecting and responding to potential vulnerabilities and suspicious activities rather than managing administrative task windows. Conditional access policies are important to govern and enforce access conditions but do not provide time-bound access to specific tasks. Hence, PIM stands out as the designated tool for managing temporary access to administrative roles effectively.