Microsoft 365 Identity and Services (legacy) — Question 26
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.
To which role should you add User1?
Answer options
- A. Security reader
- B. User administrator
- C. Owner
- D. Global administrator
Correct answer: A
Explanation
The Security reader role grants the necessary permissions to view risk-related information in Azure AD Identity Protection without providing excessive privileges. The User administrator, Owner, and Global administrator roles offer broader permissions than needed for this task, which conflicts with the principle of least privilege.