You are responsible for Azure and Office 365 security in your organization. You have a Microsoft 365 E5 subscription. To be compliant with new security directives from your CIO you must ensure that: 
- When helpdesk staff are assigned the User administrator role has time-limited permissions. 
- They must use MFA to request the role before it is given. 
What should you configure? 

Answer options:

A.Microsoft Azure Active Directory Privileged Identity Management
B.Microsoft Azure AD user management
C.Microsoft Office 365 Supervision
D.Security & Compliance permissions

Correct Answer: A 
You should configure a time limited eligible role assignment in Microsoft AAD Privileged Identity Management. 
If you have been made eligible for an administrative role, then you must activate the role assignment when you need to perform privileged actions. You can enforce a time limit and require MFA authentication on active assignments. 

Option B is incorrect. User management in Azure AD will not enable eligible role assignments. This must be configured in Privileged Identity Management
Option C is incorrect. Office 365 Supervision is a feature that gives you the tools to monitor your employees’ communications.
Option D is incorrect. Security & Compliance permissions enables people to perform compliance tasks like device management, data loss prevention, eDiscovery, retention, and so on.
Reference:
To know more about privileged identity management, please refer to the link below: 

https://docs.microsoft.com/en-us/azure/active-directory/privileged-identity-management/pim-how-to-change-default-settings?tabs=new