Exam MS-101 topic 12 question 1 discussion

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center.

It's Global Reader, Microsoft 365 admin center. Go to admin.microsoft.com --> Show all --> Roles --> Role assignments Then select Global Reader --> Permissions --> Show more Scroll down to see Read all properties on audit logs, including privileged properties

in exam 28/6/2023

I had my doubts but answer seems correct: "You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. " https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search?view=o365-worldwide

The answer here is compliance management and Exchange admin center. I've run this through a lab and you can see the audit feature in both the security center and the compliance center as this is what you would need to use in order to review the audit logs for admin activity. Those putting Global reader and Office 365 admin center are wrong. The audit tab will not appear in either security or compliance centers when this role is assigned. I've also run this through a lab scenario. Bear in mind that when you change roles it sometimes takes a little while for the permissions to populate.

It's Global Reader & Microsoft 365 Admin Center: https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide Look for "View-Only Audit Logs" permission

I think correct based on: https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search?view=o365-worldwide

in exam 2.5.2023

How do you turn off audit logs for entire tenant? That's right: set-adminauditlogconfig -unifiedauditlogingestionenabled $false in Exchange Online PowerShell. The feature is called unified audit log and it builds upon Exchange Online. Answer is correct for the simple reason that Exchange collects and manages basicly ALL the audit logs in Unified Audit Logs. Source: M365 services that support auditing section AND 2nd dot in Before yeu search the audit log IN: https://learn.microsoft.com/en-us/microsoft-365/compliance/audit-log-search?view=o365-worldwide

https://learn.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. For more information, see Manage role groups in Exchange Online.

On exam today 23 Oct 2022. I answered the same. I passed.

First of all, Compliance Management is a role group. Secondly, it is only within Exchange. I would assume that this does not fill the requirements that the case gives. User2 also needs permission to review audit logs from SharePoint Online and Azure AD making it a need for a “global” role. In addition, Audit Logs are browsed from the MS Compliance portal (Purview). In my opinion the user needs Global Reader from the MS365 Admin center.

My 2 cents Looking at the roles the only one that makes sense is Global Reader. The selected Compliance Management doesn't show up a role group. The tool is Microsoft Defender.

The Global reader role is correct here - upon further research, the Global reader role is described as "ideal for anyone looking to perform audits". Regarding the portal, the link below explains this further: https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide Therefore, the answer here is Global reader and Microsoft 365 Security Center.

You have to be assigned the View-Only Audit Logs or Audit Logs role in Exchange Online to search the audit log. By default, these roles are assigned to the Compliance Management and Organization Management role groups on the Permissions page in the Exchange admin center. Global administrators in Office 365 and Microsoft 365 are automatically added as members of the Organization Management role group in Exchange Online. To give a user the ability to search the audit log with the minimum level of privileges, you can create a custom role group in Exchange Online, add the View-Only Audit Logs or Audit Logs role, and then add the user as a member of the new role group. Grant User2 permissions to review the audit logs of the litware.com tenant. The principle of least privilege must be used. Compliance management is the one with least privilege and valid permission from available choices.

If I hadn't seen it with my own eyes, I wouldn't have believed it. But the provided answers are correct. Go to the EXO portal, look at the admin roles, click on the Compliance Management role, then view the permissions.

Role Group: Global Reader (hint...Compliance Management is a Role, not a Role Group) Tool: Microsoft 365 Security Center (M365 Security today)