Microsoft 365 Security Administration Exam: MS-500 - Question Answered

Assigning User 1 Permission to Put Core eDiscovery Case Content on Hold

Question

You are the global administrator of an organization with a Microsoft 365 subscription.

You have a Core eDiscovery case, and for legal reasons, you need to assign User 1 permission to put the case content on hold.

The solution must use the principle of least privilege.

Which role should you assign?

Answers

Explanations

A. B. C. D.

Correct Answer: C

eDiscovery Manager is the least privileged role with permissions to put eDiscovery content on hold.

Since the answer is given in the documentation, the other options are incorrect.

To know more about eDiscovery roles and permissions, please refer to the link below:

The correct answer to the question is A. eDiscovery Administrator.

Explanation: To understand why eDiscovery Administrator is the correct answer, let's first understand the concept of "least privilege." The principle of least privilege is a security concept that requires that a user or system be granted only the minimum level of access or permissions necessary to perform its tasks.

In the context of Microsoft 365, the eDiscovery Administrator role is the one that has the necessary permissions to create and manage eDiscovery cases, including putting content on hold. This means that assigning the eDiscovery Administrator role to User 1 will give them the minimum level of access needed to perform the required task, and no more.

On the other hand, the Reviewer role does not have the necessary permissions to put content on hold. The eDiscovery Manager role has more permissions than the eDiscovery Administrator role and should only be assigned to individuals responsible for managing eDiscovery within the organization. The Logic App Contributor role is not related to eDiscovery and is therefore not relevant to this question.

In conclusion, assigning the eDiscovery Administrator role to User 1 is the best solution because it follows the principle of least privilege and gives them the necessary permissions to perform the required task without granting unnecessary access.