Microsoft 365 Administrator — Question 238

You have a Microsoft 365 subscription that contains a Microsoft Entra tenant named contoso.com. The tenant includes a user named User1.

You enable Microsoft Entra ID Protection.

You need to ensure that User1 can review the list in Microsoft Entra ID Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

Answer options

• A. Security Reader
• B. Reports Reader
• C. Compliance Administrator
• D. Owner

Correct answer: A

Explanation

The Security Reader role allows users to view security-related information, including users flagged for risk in Microsoft Entra ID Protection, which aligns with the requirement. The Reports Reader role does not provide access to security risk information, while the Compliance Administrator role has broader permissions that exceed least privilege. The Owner role grants full control, which is also not in line with the principle of least privilege.