Your organization uses Microsoft Entra ID and needs to ensure that external partners can access only specific applications for 30 days. What should you configure?
Access packages in entitlement management allow you to grant time-limited access to applications for external users.
Why this answer
Option A is correct because entitlement management in Microsoft Entra ID allows you to create access packages that govern external partner access to specific applications. By configuring an access package with a 30-day expiration, you enforce time-limited access, ensuring partners can only access the designated applications for the required duration. This directly meets the requirement of restricting access to specific apps with a defined expiry.
Exam trap
The trap here is that candidates often confuse Conditional Access session controls (which manage sign-in frequency or app restrictions) with the ability to grant and expire access to specific applications, overlooking that entitlement management is the correct identity governance solution for time-limited external access.
How to eliminate wrong answers
Option B (B2B direct connect) is wrong because it is designed for mutual two-way access between organizations, typically for Teams Connect shared channels, and does not provide granular control over application-specific access or automatic expiration. Option C (self-service group management) is wrong because it allows users to create and manage their own groups, but it does not enforce time-bound access to specific applications or support external partner lifecycle management. Option D (Conditional Access policy with session control) is wrong because while it can enforce session restrictions like sign-in frequency, it cannot grant or expire access to specific applications for external users; it only controls access conditions for users who already have access.