Home » Microsoft » MS-100 v.2 » Which role group should you add User1?
You have a Microsoft 365 subscription that contains a Microsoft Azure Active Directory (Azure AD) tenant named contoso.com.
In the tenant, you create a user named User1.
You need to ensure that User1 can publish retention labels from the Security & Compliance admin center. The solution must use the principle of least privilege.
To which role group should you add User1?
A. Security Administrator
B. Records Management
C. Compliance Administrator
D. eDiscovery Manager
Correct Answer: C
Explanation/Reference:
Explanation:
Members of your compliance team who will create retention labels need permissions to the Security & Compliance Center. By default, your tenant admin has access to this location and can give compliance officers and other people access to the Security & Compliance Center, without giving them all of the permissions of a tenant admin. To do this, we recommend that you go to the Permissions page of the Security & Compliance Center, edit the Compliance Administrator role group, and add members to that role group.
Reference:
https://docs.microsoft.com/en-us/microsoft-365/compliance/labels#permissions
Records Management does it.
https://docs.microsoft.com/en-us/microsoft-365/compliance/records-management
because it is least privelege