Microsoft 365 Security Administration — Question 50

You have a Microsoft 365 E5 subscription named contoso.com.

You create a user named User1.

You need to ensure that User1 can change the status of Microsoft Defender for Identity health alerts. The solution must use principle of the least principle.

What should you do?

Answer options

• A. From the Microsoft 365 Defender portal, assign User1 the Security Operator role.
• B. From the Microsoft 365 admin center, add User1 to the Azure ATP contoso.com Administrators group.
• C. From the Microsoft 365 admin center, add User1 to the Azure ATP contoso.com Users group.
• D. From the Microsoft 365 admin center, assign User1 the Hybrid Identity Administrator role.

Correct answer: A

Explanation

The correct answer is A because the Security Operator role allows User1 to manage security alerts in a way that aligns with the principle of least privilege. Options B and C grant broader access than necessary, while option D provides more permissions than what is required for changing health alert statuses.