MS-102 Exam - Question 124

Question

HOTSPOT-You have a Microsoft 365 E5 subscription that contains the users shown in the following table. You are implementing Microsoft Defender for Endpoint. You need to enable role-based access control (RBAC) to restrict access to the Microsoft 365 Defender portal. Which users can enable RBAC, and which users will no longer have access to the Microsoft 365 Defender portal after RBAC is enabled? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

Examice · Accepted Answer

.

cb0900 · Answer

Agree with the answers.  
Enable RBAC: Admin1 and Admin 2
No longer have access: Admin 3 and Admin 4

Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Azure AD Security reader role) to lose access until they are assigned to a role.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide#before-you-begin

https://www.examtopics.com/discussions/microsoft/view/110910-exam-ms-101-topic-2-question-138-discussion/

m2L · Answer

NO2 :  Admin3, Admin4, Admin5

Tomtom11 · Answer

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Initially, only those with Microsoft Entra Global Administrator or Security Administrator rights will be able to create and assign roles in the Microsoft Defender portal, therefore, having the right groups ready in Microsoft Entra ID is important.

Turning on role-based access control will cause users with read-only permissions (for example, users assigned to Microsoft Entra Security reader role) to lose access until they are assigned to a role.

Users with admin permissions are automatically assigned the default built-in Defender for Endpoint global administrator role with full permissions. After opting in to use RBAC, you can assign additional users that are not Microsoft Entra Global or Security Administrators to the Defender for Endpoint global administrator role.

After opting in to use RBAC, you cannot revert to the initial roles as when you first logged into the portal.

Jamesat · Answer

Agreed.

After enabling RBAC only Global Admin and Security Admin will have access so Admin 1 and Admin 2 is correct.

For the second question it is Admin 3 and Admin 4. The question is Users that will NO LONGER have access. The Application Admin never had access so shouldn't be included.

Murad01 · Answer

Given answer are correct

jarattdavis · Answer

= Admin1 and Admin2 can enable RBAC because they have the highest-level administrative privileges (Global Administrator and Security Administrator).

= Admin3, Admin4, and Admin5 will lose access to the Microsoft 365 Defender portal after RBAC is enabled. This is because they have roles that are typically granted limited or read-only access, and RBAC allows for granular control over permissions.

APK1 · Answer

Given answer is correct.
For the second question here is the key point in the question "Users that will NO LONGER have access" -  The Application Admin never had access so shouldn't be included.

Frank_2022 · Answer

Users who can enable RBAC:
Admin1 (Global Admin)
Admin2 (Security Admin)
Users who will lose access after RBAC is enabled:
Admin3 (Security Operator)
Admin4 (Security Reader)
Admin5 (Application Admin)

MS-102 Exam - Question 124

Discussion