Microsoft Endpoint Administrator — Question 335

You have a Microsoft 365 subscription.

You need to provide a user the ability Security defaults and create Conditional Access policies. The solution must use the principle of least privilege.

Which role should you assign to the user?

Answer options

• A. Global Administrator
• B. Conditional Access Administrator
• C. Security Administrator
• D. Intune Administrator

Correct answer: B

Explanation

The Conditional Access Administrator role is specifically designed to manage Conditional Access policies and Security defaults, aligning with the least privilege principle. The Global Administrator role has broader permissions than necessary, while the Security Administrator and Intune Administrator roles do not grant the specific capabilities required for managing Conditional Access.