ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-500 All Questions

View all questions & answers for the MS-500 exam
Go to Exam

Exam MS-500 topic 1 question 86 discussion

Actual exam question from Microsoft's MS-500
Question #: 86
Topic #: 1
[All MS-500 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 E5 subscription that contains a user named User1.

You need to ensure that User1 can review Conditional Access policies.

Solution: You assign User1 the Security Reader role.

Does that meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by Anonism at June 6, 2023, 4:03 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Citmerian
2 years ago
Check this: https://learn.microsoft.com/en-us/azure/active-directory/roles/delegate-by-task read: Security - Conditional Access (Least privileged role - Security Reader) - (Additional roles - Conditional Access Administrator and Security Administrator)
upvoted 1 times
Citmerian
2 years ago
I think YES
upvoted 1 times
...
...
DavidBM
2 years ago
Selected Answer: A
Yes, assigning User1 the Security Reader role will allow them to review Conditional Access policies. The Security Reader role allows users to view security reports and dashboards in Azure Security Center and view security settings in Azure Active Directory (Azure AD) Identity Protection and Privileged Identity Management Therefore, the answer is A. Yes.
upvoted 1 times
...
Lekso
2 years ago
The answer is NO . This is no a security issue only a conditional access issue
upvoted 1 times
...
Anonism
2 years ago
NO The Security Reader role provides read-only access to security-related information in Azure AD and other Microsoft 365 security tools. While it allows User1 to view security-related data, it does not grant the necessary permissions to review or manage Conditional Access policies.
upvoted 1 times
RomanV
2 years ago
Read between the lines my friend. The question is --> You need to ensure that User1 can REVIEW Conditional Access policies. Reviewing is not the same as MANAGING CAP.
upvoted 1 times
...
RomanV
2 years ago
Read this as well: To see applied Conditional Access policies in the sign-in logs, administrators must have permissions to view both the logs and the policies. The least privileged built-in role that grants both permissions is Security Reader. As a best practice, your Global Administrator should add the Security Reader role to the related administrator accounts. So answer is A: YES Source: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/how-to-view-applied-conditional-access-policies
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel