Understand the key concepts of just-in-time access and just-enough-access in Microsoft 365, which align with the principle of least privilege for enhanced security and reduced attack surface.
Table of Contents
Question
A company is evaluating Microsoft 365.
You need to identify concepts of using the principle of least privilege.
Which two concepts should you identify? Each correct answer presents a complete solution.
NOTE: Each correct selection is worth one point.
A. Just-in-time access
B. Just-enough-access
C. Azure AD multifactor authentication
D. Blocking legacy authentication
Answer
A. Just-in-time access
B. Just-enough-access
Explanation
Just-in-time (JIT) access and just-enough-access (JEA) are two principles that align with the least privilege concept in Microsoft 365 security. Just-in-time access grants users privileged access for a limited time, only when required, and revokes access after task completion. Just-enough-access limits user permissions to only the required resources and actions needed to perform their role.
Together, these principles ensure that users have the minimum necessary privileges to complete their tasks, reducing the attack surface and minimizing the potential impact of compromised accounts.
Microsoft 365 Fundamentals MS-900 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Microsoft 365 Fundamentals MS-900 exam and earn Microsoft 365 Fundamentals MS-900 certification.