Assigning Built-in Administrator Roles - Microsoft 365 Security Administration Exam

Verify Permissions for Assigning Helpdesk Administrator Role

Prev Question Next Question

Question

You are the global administrator in your organization, and responsible for assigning security roles and permissions.

You have a new employee that you will assign the Helpdesk administrator role to, but you want to view the permissions made available first. Where can you verify which permissions are made available when assigning a built-in administrator role?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: D

You can view the permissions that are tied to the different roles in the Azure Portal -> Azure Active Directory -> Roles and administrators:

« ++ New custom role © Refresh Ea] Preview features © Gee trecmentnod atte ASTI (2p Groups administrator Sp cuestinvitar ? Got feedback? ‘Can manage all aspects of groups and group settings like naming and expiration policies. Can invite guest users independent of the ‘members can invite guests’ setting. Helpdesk administrator Can reset passwords for non-administrators and Helpdesk administrators. OoOoO}so0 (Ge Hybrid identity administrator > Identity Governance Administrator Jil Insights administrator ‘Can manage AD to Azure AD cloud sync and federation settings. Manage access using Azure AD for identity governance scenarios. Has administrative access in the Insights app.

Click on the Context menu to the far right, and click on Description to get a detailed list of permissions associated with each role:

Built-in . Description Built-in ..
Summary Namet Helpdesk administrator Users with this role can change passwords, invalidate refresh tokens, manage service requests, and monitor service health. invalidating a refresh token forces the user to sign in again. Helpdesk administrators can reset passwords and invalidate refresh tokens of other users who are non-administrators or assigned the following roles only: Directory Readers Guest inviter Helpdesk Administrator Message Center Reader Password Administrator Reports Reader Template ID: 729827e3-9c14-4917-bb1b-9608/156bbb8 Related articles: Assigning administrator roles in Azure Active Directory Role permissions microsoft.directory/bitlockerkeys/key/read Read bitlocker key on devices. microsoft.directory/users/invalidateallRefreshTokens Invalidate all user refresh tokens in Azure Active Directory. microsoft.directory/users/password/update Reset passwords for all users, microsoftazure.serviceHealth/allentities/allTasks Read and configure Azure Service Health. microsoftazure.supportTickets/allEntities/allTasks Create and manage Azure support tickets for directory-level services. microsoftoffice365 serviceHealth/allentities/allTasks Read and configure Office 365 Service Health, microsoftoffice365 supportTickets/allentities/allTasks Create and manage Office 365 support tickets. microsoft.office365.webPortal/allntities/standard/read Read basic properties on all resources in microsoft office365.webPortal.

Option A is incorrect.

You must use Azure AD - Roles and Administrators to get a detailed list of permissions.

Option B is incorrect.

You must use Azure AD - Roles and Administrators to get a detailed list of permissions.

Option C is incorrect.

Azure Security Center is a hub for security mechanisms in your environment.

To know more about roles and permissions, please refer to the link below:

If you want to view the permissions made available when assigning a built-in administrator role, you can verify it in the Office 365 Security and Compliance Center. The Security and Compliance Center is the central place where you can manage security and compliance across your Microsoft 365 organization.

To view the permissions made available when assigning a built-in administrator role, follow these steps:

  1. Sign in to the Office 365 Security and Compliance Center with your global administrator credentials.
  2. In the left pane, click Permissions > Roles.
  3. In the Roles pane, select the built-in administrator role you want to view the permissions for. For example, if you want to view the Helpdesk administrator role, select Helpdesk administrator from the list.
  4. In the right pane, you will see a list of the permissions that are made available when the selected role is assigned to a user. You can review the list to make sure that the Helpdesk administrator role has the permissions that you want the new employee to have.

The other options mentioned in the answers are not the correct places to view the permissions made available when assigning a built-in administrator role. The Office 365 SharePoint admin center is where you can manage SharePoint settings, sites, and users. Azure Security Center is where you can monitor the security of your Azure resources. The Azure Portal is a central place where you can manage all your Azure resources.

Prev Question Next Question