SC-300 Exam Dumps - Microsoft Certified: Identity and Access Administrator Associate Questions and Answers

When an application requires admin consent to access Microsoft Entra ID data, and you have enabled “Users can request admin consent to apps they are unable to consent to”, Microsoft Entra allows specific users or roles to act as reviewers who can review and approve or deny those requests.

In this scenario:

The Admin consent requests feature is enabled.

Admin1, Admin2, Admin3, and User1 were added as reviewers.

However, only users with the required administrative roles can actually review and approve admin consent requests — not standard users.

According to the Microsoft SC-300 study guide and Microsoft Learn documentation (“Configure the admin consent workflow”), the roles that can review and approve admin consent requests include:

Global Administrator

Cloud Application Administrator

Application Administrator

The Security Administrator role can view and audit permissions but cannot approve consent requests, and regular users (with no admin role) cannot perform any action in this workflow.

Applying this to the question:

Admin1 (Cloud Application Administrator) → ✅ Can approve requests.

Admin2 (Application Administrator) → ✅ Can approve requests.

Admin3 (Security Administrator) → ✅ Can review (depending on Entra configuration; Security Administrator has partial consent visibility for security-sensitive apps).

User1 (None) → ❌ Cannot review or approve because they lack an admin role.

Hence, only Admin1, Admin2, and Admin3 are valid reviewers who can act on admin consent requests.

In Microsoft Entra Permissions Management (formerly CloudKnox), the Permissions Management Administrator role provides the least-privilege rights necessary to onboard cloud environments such as Azure subscriptions, AWS accounts, or GCP projects. This role allows users to configure data collection and onboard environments without granting global administrative access.

The Global Administrator role could also perform onboarding but exceeds the least-privilege requirement. Microsoft’s official documentation (SC-300 “Manage Microsoft Entra Permissions Management” module) clearly states:

“The Permissions Management Administrator can onboard and configure environments for Permissions Management and manage discovery and insights across multi-cloud platforms.”