Microsoft 365 Administrator — Question 252

You have a Microsoft 365 subscription that contains a Microsoft Entra tenant named contoso.com. The tenant includes a user named User1.

You plan to use Microsoft Entra ID Protection.

You need to ensure that User1 can review the list in Microsoft Entra ID Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

Answer options

• A. Security Reader
• B. Reports Reader
• C. Service Administrator
• D. User Administrator

Correct answer: A

Explanation

The Security Reader role provides the necessary permissions for User1 to view the list of users flagged for risk in Microsoft Entra ID Protection, aligning with the principle of least privilege. The Reports Reader role does not grant access to security-related information, while the Service Administrator and User Administrator roles offer more permissions than needed for this specific task.