Microsoft 365 Security Administration Exam - Role Assignment for Helpdesk

Role Assignment for Helpdesk

Question

You are a global administrator in a company with a Microsoft 365 subscription with Microsoft 365 E5 licenses assigned to your users.

You are using Advanced Threat Protection policies to harden your security and need to enable your helpdesk to view reports from the Security Dashboard (Security & Compliance Center - Threat Management - Dashboard)

Which role should you assign your helpdesk? The solution must use the principle of least privilege.

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: C

You should assign your helpdesk the role Security Reader.

The least privileged role that allows users to view reports within the Security Dashboard is “Security Reader”

See exhibit from Microsoft documentation:

In order to view and use the reports described in this article, you need to be a member of one of the following role groups in the
Security & Compliance Center:

* Organization Management
© Security Adi
© Security Reader
© Global Reader

istrator

Option A is incorrect.

This role will allow you to view the reports but is not the least privileged role.

Hence it is not the correct answer.

Option B is incorrect.

Reports Reader will not grant access to the security dashboard.

With this role you can read sign-in and audit reports

Option D is incorrect.

Directory Reader will not grant access to the security dashboard.

With this role you can read basic directory information.

To know more about viewing reports in the Security Center, please refer to the link below:

The principle of least privilege dictates that users should only be granted the minimum privileges necessary to perform their job functions. In this scenario, the goal is to enable the helpdesk to view reports from the Security Dashboard without giving them more permissions than they need.

Out of the provided options, the most appropriate role to assign to the helpdesk is the "Reports Reader" role. This role grants users access to reports in the Security & Compliance Center, including reports from the Security Dashboard.

The other options are not as appropriate because they grant more permissions than necessary for the helpdesk to view reports.

The "Security Administrator" role grants full access to all security-related features and settings in the Security & Compliance Center, which is more than the helpdesk needs to view reports.

The "Security Reader" role grants access to all security-related features and settings in the Security & Compliance Center, which is also more than the helpdesk needs to view reports.

The "Directory Reader" role grants read-only access to all directory objects in Azure Active Directory, which is unrelated to the Security Dashboard and does not provide the necessary permissions for the helpdesk to view reports.

Therefore, the most appropriate role for the helpdesk to view reports from the Security Dashboard with the principle of least privilege in mind is the "Reports Reader" role.