Exam MS-100 topic 3 question 12 discussion

What is the point of the "View Data" permission by itself? If you can't login to the portal with just that permission (as the answer indicates), then what data can you actually view with that permission?

Y - Y - Y Box 1: Yes. User1 is in Group1 which is assigned to Role1. Device1 is in the device group named ATP1 which Group1 has access to. Role1 gives Group1 (and User1) View Data Permission. This is enough to view Device1 in Windows Security Center. Box 2: Yes. User2 is in Group2 which is assigned to Role2. Role2 gives Group2 (and User2) View Data Permission. This is enough to sign in to Windows Security Center. Box 3: Yes. User3 is in Group3 which is assigned the Windows ATP Administrator role. Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments. Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/userroles https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/rbac

Answer is Y Y Y

Y,Y,Y, Read-only access Users with read-only access can log in, view all alerts, and related information Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/basic-permissions?view=o365-worldwide

Question 1: Yes. View Data Access and Alert investigation access. Assigned this device by Group 1. Question 2: Yes. View Data Access gives user the ability to log in to Windows Defender Security Center. Question 3: Yes. User 3 is an Administrator.

MS-101 Exam Question ?

Tested and I can confirm: Creating a "ViewData only" and "Alerts investigting role" roles allows user access to ATP portal for user2. Question asks if USer2 can sign in to protection.office.com viz. Security portal. So answer is Yes. Overall So Y/Y/Y

Y, Y, Y for sure! ctfalci

YNY is correct. the key is the device must be a part of a device group. See the Important at the end of the section https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group

y n y no yes?

Tested in my Lab: View Data permission role is not allowed to login to Security center (MS Defender ATP)

"view data" permission grants access to the portal https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles

Correct me if wrong, I think the answer is correct you can use event viewer or so to subscribe to remote events without login into the Windows Security Center: https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus

How is the a MS-100 question, surely it must be MS-101?

Yes Yes Yes

Y - Y - Y

I feel like this is a wrong answer. How can you view the data if you don't have a permission to login at first place?