Microsoft 365 Identity and Services (legacy) — Question 85

You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list of users flagged for risk in Azure AD Identity Protection. The solution must use the principle of least privilege.

To which role should you add User1?

Answer options

Correct answer: A

Explanation

The correct answer is 'Security reader' because this role allows User1 to view information about users flagged for risk without granting excessive permissions. Other roles, such as 'Service administrator' and 'Global administrator', provide broader privileges than the principle of least privilege allows, and 'Compliance administrator' does not specifically grant access to Azure AD Identity Protection reviews.