Exam MS-102 topic 1 question 124 discussion

Agree with the answers. Enable RBAC: Admin1 and Admin 2 No longer have access: Admin 3 and Admin 4 Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide#before-you-begin https://www.examtopics.com/discussions/microsoft/view/110910-exam-ms-101-topic-2-question-138-discussion/

Users who can enable RBAC: Admin1 (Global Admin) Admin2 (Security Admin) Users who will lose access after RBAC is enabled: Admin3 (Security Operator) Admin4 (Security Reader) Admin5 (Application Admin)

Given answer is correct. For the second question here is the key point in the question "Users that will NO LONGER have access" - The Application Admin never had access so shouldn't be included.

= Admin1 and Admin2 can enable RBAC because they have the highest-level administrative privileges (Global Administrator and Security Administrator). = Admin3, Admin4, and Admin5 will lose access to the Microsoft 365 Defender portal after RBAC is enabled. This is because they have roles that are typically granted limited or read-only access, and RBAC allows for granular control over permissions.

Given answer are correct

Agreed. After enabling RBAC only Global Admin and Security Admin will have access so Admin 1 and Admin 2 is correct. For the second question it is Admin 3 and Admin 4. The question is Users that will NO LONGER have access. The Application Admin never had access so shouldn't be included.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide Initially, only those with Microsoft Entra Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft Defender portal, therefore, having the right groups ready in Microsoft Entra ID is important. Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Microsoft Entra Security reader role) to lose access until they are assigned to a role. Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Microsoft Entra Global or Security Administrators to the Defender for Endpoint global administrator role. After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.

NO2 : Admin3, Admin4, Admin5