You are a global administrator in a company with a Microsoft 365 subscription with Microsoft 365 E5 licenses assigned to your users.
You have Windows 10 devices that are onboarded to Microsoft Defender for Endpoint.
You have created a device group, and want to configure permissions and security settings for your devices.
First you create an Azure Active Directory user group.
Which two actions should you do next?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: A
You should create a new role in Microsoft Defender Security Center and assign it to the Azure Active Directory user group you created first (in question text)
Then you must assign your device group to the new role you created.
This will ensure that access to the devices will be provided using the configured settings in the role.Option B is incorrect.
Granting your user group a RBAC role will not configure security settings for your devices.
Option C is incorrect.
Adding tags to your devices will help you to logically group them, but this not configure the security settings.
Option D is incorrect.
Adding your device group to a new security group does not make sense in this scenario, and is not the correct answer.
To know more about adding roles in Microsoft Defender, please refer to the link below:
Based on the scenario presented, you are a global administrator for a company with a Microsoft 365 subscription and Windows 10 devices onboarded to Microsoft Defender for Endpoint. You want to configure permissions and security settings for your devices by creating an Azure Active Directory (Azure AD) user group.
The next steps you should take involve creating roles and assigning permissions to them:
Option A suggests creating a role in Microsoft Defender Security Center and assigning it to your device group. This is a valid approach, as Microsoft Defender Security Center is a central hub for managing endpoint security in Microsoft 365. This option allows you to create a custom role that aligns with your organization's specific security requirements and assign it to your device group. The role can include permissions related to managing security settings, investigating alerts, and performing remediation actions.
Option B suggests creating a role-based access control (RBAC) role in the Azure portal and adding your Azure AD user group to the role. This is also a valid approach, as RBAC is a flexible system that allows you to define fine-grained permissions for various Azure resources, including Microsoft Defender for Endpoint. By creating a custom RBAC role, you can control who can perform specific actions on your Windows 10 devices and ensure that your security policies are enforced consistently across your organization.
Option C suggests selecting your devices in the Security operations dashboard and creating new tags for your devices. While this option can help you organize your devices and prioritize your security investigations, it does not address the need to configure permissions and security settings for your devices.
Option D suggests creating a new security group in the Azure portal and adding your device group to it. While security groups can be used to manage access to various Azure resources, including Microsoft Defender for Endpoint, this option does not provide guidance on how to configure specific permissions and security settings for your devices.
In conclusion, the two recommended actions to configure permissions and security settings for your devices after creating an Azure AD user group are to either create a role in Microsoft Defender Security Center and assign it to your device group (Option A) or create a custom RBAC role in the Azure portal and add your Azure AD user group to the role (Option B).