Microsoft 365 Security Administration — Question 76

You have a Microsoft 365 subscription linked to an Azure Active Directory (Azure AD) tenant that contains a user named User1.
You need to grant User1 permission to search Microsoft 365 audit logs. The solution must use the principle of least privilege.
Which role should you assign to User1?

Answer options

• A. the Reviewer role in the Microsoft 365 Compliance center
• B. the View-Only Audit Logs role in the Exchange admin center
• C. the Compliance Management role in the Exchange admin center
• D. the Security reader role in the Azure Active Directory admin center

Correct answer: D

Explanation

The correct answer is D because the Security reader role in Azure AD grants read-only access to security-related features, including audit logs, without excessive permissions. The other roles, such as the Reviewer role or Compliance Management role, may not specifically allow for audit log searching or could grant more permissions than necessary, violating the principle of least privilege.