You need to give a manager, jdoe@Contoso.onmicrosoft.com, the ability to read events in security center, but prevent them from making any changes.
Which command should you use?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B Option B is correct.
Read only access is granted to users with a Security Reader role in Azure AD.
Always follow principle of least privilege.
Option A is incorrect.
A security administrator can read security information and reports, and manage configuration.
Option C is incorrect.
A global admin can manage all aspects of Azure and Microsoft services that use Azure identities.
Option D is incorrect.
A global reader can read everything that a Global Administrator can.
Reference:
The correct answer is B. Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com.
Explanation: Microsoft Security Center is a cloud-based service that provides unified security management and advanced threat protection for workloads running in Azure, on-premises, and other cloud providers. It is important to have the right permissions set for users in the Security Center to ensure the right level of access.
In this scenario, the requirement is to give a manager, jdoe@Contoso.onmicrosoft.com, the ability to read events in Security Center, but prevent them from making any changes. To achieve this, the "Security Reader" role should be assigned to the user. The Security Reader role allows users to view all security-related configuration data and event logs in the Security Center. However, users with this role cannot make any changes or perform any actions.
The PowerShell command to add the user, jdoe@Contoso.onmicrosoft.com, to the Security Reader role is:
Add-MsolRoleMember -RoleName "Security Reader" -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com
Option A, Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com, is incorrect as the Security Administrator role allows users to perform administrative tasks in the Security Center, which includes creating and managing security policies, as well as managing alerts and incidents.
Option C, Add-MsolRoleMember -RoleName "Global Administrator" -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com, is incorrect as the Global Administrator role provides complete access to all administrative features in the organization's Microsoft 365 subscription, including Security Center.
Option D, Add-MsolRoleMember -RoleName "Global Reader" -RoleMemberEmailAddress jdoe@Contoso.onmicrosoft.com, is incorrect as the Global Reader role provides read-only access to all administrative features in the organization's Microsoft 365 subscription, but not specifically to Security Center.