Exam SC-300 topic 2 question 14 discussion

Given answers are not right. Users who can set up policies have the security or global admin role. According to given Link https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection, security operator can view all Identity Protection reports and Overview blade, Dismiss user risk, confirm safe sign-in and confirm compromise but can't Configure or change policies, and Configure alerts So the first box should be User3 only because he is security admin and the second one User3 and User4.

Configure user risk policy: User3 (Security Administrator) View the Risky Users Report: User3 and User4 (Security Administrator and Security Operator) Conditional Access Administrator - Does not have access to Identity Protection | User risk policy - Does not have "Grants access to Risky Users Report" Authentication Administrator - Does not have access to Identity Protection | User risk policy - Does not have "Grants access to Risky Users Report" Security Administrator - Has update access to Identity Protection | User risk policy microsoft.directory/identityProtection/allProperties/update = Update all resources in Azure AD Identity Protection - Grants access to Risky Users Report Security Operator - Has only read access to Identity Protection | User risk policy microsoft.directory/identityProtection/allProperties/allTasks = Create and delete all resources, and read and update standard properties in Azure AD Identity Protection - Grants access to Risky Users Report

This is managed with conditional access policies now, and will be deprecated in 2026 so not sure if it's still relevant...

if you see this link 'https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection', you will notice that in the table you will see Security Administrator as having full access on ID protection and security operator as having access to reports except risky sign-ins report. NOTE: below the table you will see 'Conditional Access administrators can create policies that factor in user or sign-in risk as a condition. Find more information in the article Conditional Access: Conditions.' which clarifies that User 1, User 3 should be for box 1 and user1, 3, 4 for box 2.

Configure the user risk policy: User 3 only View the risky users report: User 3 and User 4 only

It is correct, See the link: https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/overview-identity-protection

configurar la politica solo el Usuario 3 y luego 3 y 4.

Oberte is correct User 3 and then 3 and 4.

On the exam, 7/23/2022.

Sec admin can configure and view all reports but cannot reset passwords Sec operate - can view reports but cannot change policies or reset passwords

just pass the exam today. This came in the question.

Tested to confirm: Configure: User 3 only Read report: Users 3 and 4

On the exam today - March 4, 2022

First box: User3 // Second box: User3 and User4 Tested!

Configure policy:User3 (Security Administrator) View : tried granted Eligible Security Operator cannot see the security blade, but if change to active, it can see Security Blade and see the report

On the exam 1/20/2022

Tested in Lab, correct answer is - Configure the user risk policy - user3 View the risky users report - user3 & user4