You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table

HOTSPOT

You have a Microsoft Azure Active Directory (Azure AD) tenant that contains the users shown in the following table.

Your company uses Windows Defender Advanced Threat Protection (ATP).

Windows Defender ATP contains the roles shown in the following table.

Windows Defender ATP contains the device groups shown in the following table.

For each of the following statements, select Yes if the statement is true. Otherwise, select No. NOTE: Each correct selection is worth one point.

View Answer

Answer:

Explanation:

Box 1: Yes.

User1 is in Group1 which is assigned to Role1. Device1 is in the device group named ATP1 which Group1 has access to. Role1 gives Group1 (and User1) View Data Permission. This is enough to view Device1 in Windows Security Center.

Box 2: Yes.

User2 is in Group2 which is assigned to Role2. Role2 gives Group2 (and User2) View Data Permission. This is enough to sign in to Windows Security Center.

Box 3: Yes.

User3 is in Group3 which is assigned the Windows ATP Administrator role. Someone with a Microsoft Defender ATP Global administrator role has unrestricted access to all machines, regardless of their machine group association and the Azure AD user groups assignments.

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/rbac