Microsoft 365 Security Administration — Question 34

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can configure an Azure Active Directory (Azure AD) Identity Protection user risk policy and receive Azure AD Identity Protection alerts. The solution must use the principle of least privilege.

Which role should you assign to User1?

Answer options

• A. Security Operator
• B. Identity Governance Administrator
• C. Security Administrator
• D. Security Reader

Correct answer: C

Explanation

The Security Administrator role grants the necessary permissions for User1 to configure Azure AD Identity Protection user risk policies and manage alerts. The other roles, such as Security Operator and Security Reader, do not provide the full capabilities needed for this task, while the Identity Governance Administrator role focuses more on governance and compliance rather than security policies.