Exam MS-101 topic 3 question 38 discussion

Important If you assign a user the View-Only Audit Logs or Audit Logs role on the Permissions page in the Security & Compliance Center, they won't be able to search the audit log. You have to assign the permissions in Exchange Online. This is because the underlying cmdlet used to search the audit log is an Exchange Online cmdlet.

The question should indicate that the search is on a mailbox not other kind of audits.

A. View-Only Audit Logs in the Security & Compliance admin center: This role allows users to search and view audit logs across Microsoft 365 services, not just Exchange. B. View-Only Audit Logs in the Exchange admin center: This role provides access to audit logs specifically within Exchange Online. Both options could potentially provide the ability to view audit logs, but option A is broader as it covers audit logs from all Microsoft 365 services. However, if your scenario involves auditing within Exchange Online specifically, then option B could be appropriate. Please consider your specific requirements and choose the option that best aligns with your needs.

Ans still B - Jan 2023 "You must be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center" https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-troubleshooting-scenarios?view=o365-worldwide

In this case B but you can only do this in the classic EAC not the new EAC. AzureAD\Security Reader does not have the ability to view the audit logs, you'd need Security Operator. https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference

Update since Purview rebrand https://docs.microsoft.com/it-it/learn/modules/manage-microsoft-purview-audit-standard/3-implement-microsoft-purview-audit-standard

The Answer should be B because there is no View-Only audit role in EOC,in Azure AD Role - Security reader Description:Users with this role have global read-only access, including all information in Azure Active Directory, Identity Protection, Privileged Identity Management, as well as the ability to read Azure Active Directory sign-in reports and audit logs. The role also grants read-only permission in Office 365 Security & Compliance Center

I would go for C. Security reader in the Azure Active Directory admin center The answers above seem to answer a different question

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center

Should be correct based on the statement in the MS article. "You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center"