Exam MS-101 topic 3 question 7 discussion

Answers should be Security Reader (Can download reports) and Security Administrator. Compliance admin can set policies. The requirements is just to set alerts.

User1: Security Administrator - security reader can view but can't take actions (download). User2: Security Administrator - Organization Management & Compliance Administrator also can, but we have to use the least privileged role. You can view this details in SCC -> Permissions.

I have read through all the MS articles about SCC permissions however nowhere it states that Security reader can download the report. All documents says that it can only view. According to me For both it will be Security Administrator.

So, security reader and security administrator?

1. Security Reader 2. Security Administrator

Sec Reader / Sec Admin https://www.examtopics.com/discussions/microsoft/view/11610-exam-ms-100-topic-3-question-10-discussion/

According to the link below, Security Readers CAN view/download reports. As this is using the principle of least privilege, the answers will be: Security Reader/Security Administrator https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-mdo?view=o365-worldwide

user1 : security administrator (ability to export or download) user2 : security adminstrator (can manage alerts - no need compliance admin as requires least privileges)

This is the same question as in MS-100 (Question #7 Topic 2). Correct answer is Security Administrator for both.

As I read through the roles, I see there is a Security Administrator role inside what used to be SaC and there is an Azure role. These are not the same. However, the SA role for Azure is also a member of this group. So Security Reader for User1. Security Administrator for User2. https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide#role-groups-in-the-security--compliance-center

The solution must use the principle of least privilege. User 2: Compliance Administrator

User1 : Security Reader - In general, global administrators, security administrators, and security readers can access reports in the Security & Compliance Center.

User 1 - Security reader https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide#download-existing-reportsMake sure that you have the necessary permissions assigned in the Security & Compliance Center. In general, global administrators, security administrators, and security readers can access reports in the Security & Compliance Center. User 2 - Security Administrator https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

User1: Security Reader can download. User2: Security Administrator can manage alerts. In SC portal he has less roles than Compliance Admin.

Security reader can download reports https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide Least privilege to mange alerts in S&C admin center- Security Administrator

User 1 with least privileges to download all S&C reports is actually the security reader. https://docs.microsoft.com/en-us/microsoft-365/compliance/download-existing-reports?view=o365-worldwide

Least privleged for User 2 is Security Admin: Manage security policies View, investigate, and respond to security threats View reports