Exam MS-100 topic 3 question 10 discussion

User1 : This doc appears to say a Security Reader can download the reports. https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide In general, global administrators, security administrators, and security readers can access and download reports in the Security & Compliance Center. Least privilege is for Security Reader. User2: Security Administrator, Compliance Administrator and Organization Management can manage alerts. However, Security Administrator has the least privilege.

Both are Security Administrator.

Answer is correct! Security Reader & Security Administrator

Security Reader and Security Administrator. For Users 1 its Security Reader. To use the reports, you need to be a member of one of the following role groups in the Microsoft 365 Defender portal: Organization Management Security Administrator Security Reader Global Reader

Both are Security Administrator.

Following the principle of least privilege I would go with records management and security administrator.

security reader can download report :https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide#:~:text=In%20general%2C%20global%20administrators%2C%20security,to%20Reports%20%3E%20Reports%20for%20download.

1. Security reader - In general, global administrators, security administrators, and security readers can access reports in the Security & Compliance Center 2. Security Administrator

Global Reader Members have read-only access to reports, alerts, and can see all the configuration and settings. The primary difference between Global Reader and Security Reader is that a Global Reader can access configuration and settings. Security Reader Sensitivity Label Reader Security Administrator Organization Management Members can control permissions for accessing features in the Security & Compliance Center, and manage settings for device management, data loss prevention, reports, and preservation. Users who are not global administrators must be Exchange administrators to see and act on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). Global admins are automatically added as members of this role group. Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance-center#mapping-of-role-groups-to-assigned-roles

Security Reader can download the reports. "Make sure that you have the necessary permissions assigned in the Security & Compliance Center. In general, global administrators, security administrators, and security readers can access reports in the Security & Compliance Center." https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide

i think it's an MS-101 exam question

3 & 3 for sure. Security Reader & Security Administrator!

what is the correct answer?

Pulled from descriptions in the Security -> Permissions of lab tenant Records management Description Members of this management role group have permissions to manage and dispose record content. Compliance Administrator Description Manage settings for device management, data loss prevention, reports, and preservation. Edit Assigned roles View-Only Retention Management Manage Alerts

for user1, can it be record management ? ( for Record Management :Members can manage and dispose record content.)

Security Reader: Members can manage security alerts (view only), and also view reports and settings of security features. Security Administrator, Compliance Administrator and Organization Management can manage alerts. However, Security Administrator has the least privilege. Reference: https://docs.microsoft.com/en-us/office365/securitycompliance/permissions-in-the-security-and-compliance

This doc appears to say a Security Reader can download the reports. https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide