Exam MS-500 topic 1 question 83 discussion

https://learn.microsoft.com/en-us/defender-endpoint/assign-portal-access

Correct answers: - User1 and User2 only - User4 only I hear you ask, why? "Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft 365 Defender portal, therefore, having the right groups ready in Azure AD is important. Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role." Source: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Can enable Microsoft Defender for Endpoint RBAC: User1 and User2 only https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide To enable the feature, you must have a Global Administrator role or Security Administrator role in Azure AD. Will lose access to Microsoft 365 Defender portal: User4 only Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.

Can enable Microsoft Defender for Endpoint RBAC is correct for User1 and User2 only because Microsoft says: "When you first log in to the Microsoft 365 Defender portal, you're granted either full access or read only access. Full access rights are granted to users with Security Administrator or Global Administrator roles in Azure AD. " The article is at: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

User4(Security Reader) will definitely lose access to the Microsoft 365 Defender portal, but I am not sure about User3(Security Operator). I found a Microsoft article that confirms the loss of access:"Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role." The article is at: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

This part unclear for me: which users will lose access to Microsoft 365 Defender portal after RBAC in enabled? Not agree Security reader will lose access to Microsoft 365 Defender portal https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-roles?view=o365-worldwide

ET admins are not even citing their pages for their answers on this one... like a few others I have seen.