You are the global administrator for a company’s Azure subscription. The company uses Azure Active Directory
Premium and the Application Access Panel. You are configuring access to a Software as a Service (SaaS)
application.You need to ensure that the sales team lead is able to manage user access to the application but is unable to
modify administrative access to the application.
In the Azure portal, what should you do?
A.
Create an Azure group and assign it to the SaaS application. Create an Azure user with the User Admin
role, and assign the user as the owner of the new group.
B.
Create an Azure group and assign it to the SaaS application. Create an Azure user with the Service Admin
role, and assign the user as the owner of the new group.
C.
Set the values of the Delegated group management and Users can create groups settings to Enabled.
D.
Create an Azure group and assign it to the SaaS application. Create an Azure user with the Global Admin
role, and assign the user as the owner of the new group.
Looks like this question is about group self-service with the Application Access Panel. Which would mean C is the correct answer, assuming you use the classic portal.
https://docs.microsoft.com/en-us/azure/active-directory/active-directory-accessmanagement-self-service-group-management#make-a-group-available-for-user-self-service
http://www.tutorialspoint.com/microsoft_azure/microsoft_azure_self_service_group_management.htm