Question

Your company has a Microsoft 365 E5 subscription, and you plan to implement insider risk management. You need to ensure that a user named admin1 can create insider risk management policies, using the principle of least privilege. Which role group should you assign to admin1?

Option 1: Security Administrator
Option 2: Insider Risk Management Administrator
Option 3: Compliance Administrator
Option 4: Global Administrator

Answer 1

Assign admin1 to the Insider Risk Management Administrator role group to manage insider risk management policies in Microsoft 365 E5, adhering to the principle of least privilege.

Step-by-step explanation:

To grant the necessary permissions to a user named admin1 to create insider risk management policies in a Microsoft 365 E5 subscription, while adhering to the principle of least privilege, you should assign admin1 to the Insider Risk Management Administrator role group. This role is specifically designed for managing insider risk policies and is the most appropriate choice for this task.

Option 1, Security Administrator, is too broad and may provide more permissions than necessary. Option 3, Compliance Administrator, is also broader than needed for this specific task. Option 4, Global Administrator, should be avoided as it provides comprehensive access to all administrative features; it's much broader than required and does not align with the principle of least privilege.