HOTSPOT

Your network contains an on-premises Active Directory Domain Services (AD DS) domain. The domain contains a server that runs Windows Server and hosts shared folders. The domain syncs with Azure AD by using Azure AD Connect. Azure AD Connect has group writeback enabled.

You have a Microsoft 365 subscription that uses Microsoft SharePoint Online.

You have multiple project teams. Each team has an AD DS group that syncs with Azure AD. Each group has permissions to a unique SharePoint Online site and a Windows Server shared folder for its project. Users routinely move between project teams.

You need to recommend an Azure AD Identity Governance solution that meets the following requirements:

• Project managers must verify that their project group contains only the current members of their project team.
• The members of each project team must only have access to the resources of the project to which they are assigned.
• Users must be removed from a project group automatically if the project manager has not verified the group's membership for 30 days.
• Administrative effort must be minimized.

What should you include in the recommendation? To answer, select the appropriate options in the answer area.

NOTE: Each correct selection is worth one point.

Totally agree with Access Reviews and cloud security groups. Access Reviews hit all the requirements for verification and auto-removal. Since group membership changes need to happen in Azure, on-prem groups just won’t cut it for this scenario. Pretty sure group writeback is essential to keep access consistent across both on-prem and cloud resources.
