MS-500 Exam QuestionsBrowse all questions from this exam
Go to Exam

MS-500 Exam - Question 266

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a Microsoft 365 subscription that contains the users shown in the following table.

Exam MS-500 Question 266

You discover that all the users in the subscription can access Compliance Manager reports.

The Compliance Manager Reader role is not assigned to any users.

You need to recommend a solution to prevent a user named User5 from accessing the Compliance Manager reports.

Solution: You recommend modifying the licenses assigned to User5.

Does this meet the goal?

Show Answer
Correct Answer: B

Modifying the licenses assigned to User5 will not directly prevent access to Compliance Manager reports. Access to Compliance Manager is controlled by roles and permissions rather than licenses. To prevent User5 from accessing these reports, you would need to ensure that User5 is not assigned a role within Compliance Manager that grants access to those reports. Since there is no Compliance Manager Reader role assigned to any user, it implies that there is a default access setting that grants access. Modifying licenses wouldn't address this role-based access. Therefore, the recommended solution does not meet the goal.

Discussion

8 comments
Sign in to comment
mnak
Dec 16, 2020

Just an FYI, while this is correct for when the test was created, it is not correct anymore today. You no longer have to have at least one member in each compliance manager role to disable access to all users. MS finally decided in their infinite wisdom that it was a bad idea to have all your users be able to perform actions in compliance manager.... Reference: https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-worldwide#permissions-and-role-based-access-control

Tom993
Nov 15, 2020

Outdated: https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-worldwide "Note that there is no longer a default Guest access role. Each user must be assigned a role in order to access and work within Compliance Manager."

ifex380
Jan 3, 2020

This should be a big YES

ifex380
Jan 12, 2020

sorry. No.. The answer should be assigning the compliance manager reader role to user5

Wallace44
Jan 20, 2020

but we are trying to prevent user5 from accessing the compliance manager reports. How does assigning him the reader role prevent that?

AlistairMarini
May 31, 2020

Exactly. read the question again. Role and Licenses are different. in the question the proposed solution talks about licenses.

Wallace44
Jan 20, 2020

but we are trying to prevent user5 from accessing the compliance manager reports. How does assigning him the reader role prevent that?

AlistairMarini
May 31, 2020

Exactly. read the question again. Role and Licenses are different. in the question the proposed solution talks about licenses.

The_Shepherd
Nov 22, 2020

The given answer is correct :The answer is to assign the compliance manager reader role to user 1. Since no one was assigned this role, means every one have access. So when the role is assigned to User 1, User 5 loses access

Gamer50
Feb 12, 2021

Answer is YES. https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#which-licenses-provide-the-rights-for-a-user-to-benefit-from-the-service-6

BobInTheMoon
Jan 30, 2020

If the User5 license is modified (maybe removed) this should prevent User5 from access to the Compliance Manager right? (not tested).

Akc0
Mar 22, 2021

AFAIK unlicensed users can still be compliance managers and do stuff in compliance/admin portals so answer should be No

gills
May 1, 2020

The answer is to assign the compliance manager reader role to user 1. Since no one was assigned this role, means every one have access. So when the role is assigned to User 1, User 5 loses access.

jwkin
May 21, 2020

Can you provide a link that states that? I cannot find anything about assigning the reader role to prevent other users access.

Rstilekar
Nov 24, 2021

Answer is correct (NO) but question is Outdated now: https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-worldwide OR https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-worldwide#permissions-and-role-based-access-control "Note that there is no longer a default Guest access role. Each user must be assigned a role in order to access and work within Compliance Manager."