Microsoft Identity and Access Administrator — Question 2
You have an Azure Active Directory (Azure AD) tenant that contains a user named SecAdmin1. SecAdmin1 is assigned the Security administrator role.
SecAdmin1 reports that she cannot reset passwords from the Azure AD Identity Protection portal.
You need to ensure that SecAdmin1 can manage passwords and invalidate sessions on behalf of non-administrative users. The solution must use the principle of least privilege.
Which role should you assign to SecAdmin1?
Answer options
- A. Authentication administrator
- B. Helpdesk administrator
- C. Privileged authentication administrator
- D. Security operator
Correct answer: B
Explanation
The correct answer is B, Helpdesk administrator, because holders of this role can reset passwords for non-admin users, which aligns with the requirement. The Authentication administrator (A) has broader privileges related to authentication methods and policies, while the Privileged authentication administrator (C) is focused on managing elevated authentication capabilities. The Security operator (D) does not have the permissions needed for password management.