Exam MS-102 topic 1 question 76 discussion

A is correct Answer is correct "A". Security Administrator will not loose access after RBAC is enabled. Security Reader will so definitely not C. Initially, only those with Azure AD Global Administrator or Security Administrator rights will be able to create and assign roles in Microsoft Defender Security Center, therefore, having the right groups ready in Azure AD is important. Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role. https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

"Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role." https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Copilot: C. User3 (Security Reader), as this role is specifically designed for viewing security incidents https://learn.microsoft.com/en-us/defender-endpoint/manage-incidents

Políticas anti-phishing no Microsoft 365 https://learn.microsoft.com/en-us/defender-office-365/anti-phishing-policies-about

"When you first sign in to the Microsoft Defender portal, you're granted either full access or read only access. Full access rights are granted to users with the Security Administrator role in Microsoft Entra ID. Read only access is granted to users with a Security Reader role in Microsoft Entra ID."

The statement "You verify that role-based access control (RBAC) is turned on in Microsoft Defender for Endpoint" means that "role-based permissions" are being enforced within the Microsoft Defender for Endpoint environment. When RBAC is enabled, access to security data (such as incidents, alerts, or reports) is controlled based on the user’s assigned role in Azure AD. Each role has specific permissions regarding what they can view or manage. In the context of the question: - "Security Reader (User3)" is a role that grants "view-only access" to security information, including security incidents and alerts. With RBAC enabled, this role can view security incidents but cannot make changes to them, making "User3" the correct answer. Thus, turning on RBAC ensures that "only those with the proper permissions (e.g., Security Reader)" can view the security incidents in Microsoft 365 Defender. This is why "Option C (User3)" is correct.

Initially, only those with Microsoft Entra Global Administrator or Security Administrator rights can create and assign roles in the Microsoft Defender portal; therefore, having the right groups ready in Microsoft Entra ID is important. Turning on role-based access control causes users with read-only permissions (for example, users assigned to Microsoft Entra Security reader role) to lose access until they are assigned to a role. Users with administrator permissions are automatically assigned the default built-in Defender for Endpoint Global Administrator role with full permissions. After opting in to use RBAC, you can assign additional users who aren't Microsoft Entra Global Administrators or Security Administrators to the Defender for Endpoint Global Administrator role. After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.

AMDf is correct

Security reader Security readers can perform the following tasks: - View a list of onboarded devices - View security policies - View alerts and detected threats - View security information and reports Security readers can't add or edit security policies, nor can they onboard devices.

This should be C I think... https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide "Security Reader - Members have read-only access to many security features of Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, and the Defender and compliance portals. " I see nothing in this statement or anywhere around the Security Reader role in this article indicating they wouldn't be able to view incidents within that portal.

https://www.examtopics.com/discussions/microsoft/view/49358-exam-ms-101-topic-2-question-27-discussion/

A is correct https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Only view security incident... Security reader. https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-worldwide&tabs=M365Admin