Microsoft 365 Administrator — Question 146
You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.
You enable Azure AD Identity Protection.
You need to ensure that User1 can review the list of users flagged for risk in Azure AD Identity Protection. The solution must use the principle of least privilege.
To which role should you add User1?
Answer options
- A. Global Administrator
- B. Service Administrator
- C. Security Administrator
- D. Reports Reader
Correct answer: C
Explanation
The correct answer is C, Security Administrator, as this role has the necessary permissions to manage and view identities flagged for risk while maintaining least privilege. The Global Administrator role (A) provides excessive permissions beyond what's needed, the Service Administrator role (B) is not relevant for identity risk management, and the Reports Reader role (D) lacks the required permissions to review flagged users.