Microsoft Endpoint Administrator — Question 192

You have a Microsoft 365 E5 subscription that includes Microsoft Intune and contains a user named Admin1.

Admin1 must use the Microsoft Intune admin center to perform the following tasks:

• Create and assign apps and policies to users and devices by using Intune.
• Create, assign, and delete Windows 365 Cloud PC provisioning policies.

You need to assign the required roles to Admin1. The solution must meet the following requirements:

• Follow the principle of least privilege.
• Minimize administrative effort.

What should you do?

Answer options

• A. Assign Admin1 the Help Desk Operator role.
• B. Assign Admin1 the Cloud PC Reader role.
• C. Assign Admin1 the Cloud PC Administrator role.
• D. Create a custom Microsoft Entra role and assign the role to Admin1.
• E. Create a custom Intune role and assign the role to Admin1.

Correct answer: E

Explanation

The correct answer is E, as creating a custom Intune role allows for precise permissions tailored to Admin1's responsibilities, adhering to the principle of least privilege. The other options either provide excessive permissions (C) or insufficient permissions (A, B), which would not enable Admin1 to perform the required tasks effectively.