ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam MS-102 All Questions

View all questions & answers for the MS-102 exam
Go to Exam

Exam MS-102 topic 1 question 263 discussion

Actual exam question from Microsoft's MS-102
Question #: 263
Topic #: 1
[All MS-102 Questions]

You have a Microsoft 365 subscription that contains an Azure AD tenant named contoso.com. The tenant includes a user named User1.

You enable Azure AD Identity Protection.

You need to ensure that User1 can review the list in Azure AD Identity Protection of users flagged for risk. The solution must use the principle of least privilege.

To which role should you add User1?

  • A. Global Administrator
  • B. Service Administrator
  • C. Security Administrator
  • D. Reports Reader
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by solderboy at Jan. 12, 2024, 5:40 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
solderboy
Highly Voted 1 year, 4 months ago
Selected Answer: C
The risky sign-ins reports are available to users in the following roles: ✑ Security Administrator ✑ Global Administrator ✑ Security Reader There are several versions of this question in the exam. The question has three possible correct answers: 1. Security Reader 2. Security Administrator 3. Global Administrator Other incorrect answer options you may see on the exam include the following: 1. Service Administrator. 2. Reports Reader 3. Compliance Administrator
upvoted 20 times
...
Ody
Most Recent 6 months ago
Selected Answer: D
I am not disagreeing with the documentation people have posted, but if you set it up and make a user a Reports Reader, that user can login to Entra ID, go to Identity Protection and review and download the risk reports. Reports Reader: Users with this role can view usage reporting data and the reports dashboard in Office 365 admin center and the adoption context pack in Power BI. Additionally, the role provides access to sign-on reports and activity in Microsoft Entra ID and data returned by the Microsoft Graph reporting API. A user assigned to the Reports Reader role can access only relevant usage and adoption metrics.
upvoted 2 times
Frank9020
5 months, 4 weeks ago
The Reports Reader role in Microsoft Entra ID (formerly Azure AD) provides read-only access to view reports and monitoring data related to Azure AD resources. However, this role does not include permissions to access security-related information, such as risk detections in Azure AD Identity Protection. These capabilities are typically assigned to roles like Security Reader, which is designed for read-only access to security-related features, including Identity Protection data such as flagged users and risk detections
upvoted 1 times
...
...
APK1
9 months ago
Selected Answer: C
Since there is no Security Reader provided in the answers list, Security Administrator is the correct answer. Report Reader (Can read sign-in and audit reports) is not Security Reader
upvoted 3 times
...
[Removed]
1 year ago
Selected Answer: D
Security Reader
upvoted 1 times
...
SBGM
1 year, 3 months ago
Selected Answer: C
Solder is correct in my opinion
upvoted 2 times
SBGM
1 year, 3 months ago
https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection#required-roles "Identity Protection requires users be a Security Reader, Security Operator, Security Administrator, Global Reader, or Global Administrator in order to access."
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago