Microsoft 365 Administrator — Question 361

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

Answer options

• A. Security Reader
• B. Global Administrator
• C. Owner
• D. User Administrator

Correct answer: A

Explanation

User1 should be assigned the Security Reader role because it grants the necessary permissions to view security-related information without providing excessive access. The Global Administrator and Owner roles have broader permissions that exceed what is required for this task, while the User Administrator role focuses more on user management rather than security reviews.