HOTSPOT You create an environment for a company. You need to configure security to meet the company's requirements and follow the principle of least privilege. Which security roles should you assign? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point. 
You really do need all four roles for true least privilege: Environment Maker covers creation, Machine User allows running, User Can Share is just for sharing, and Owner handles group management. Microsoft breaks these out so users only get access they actually need. Pretty sure this matches best practice, but let me know if I'm missing a scenario where fewer would work.
Not quite sure about skipping the User and User Can Share roles. Sharing and running machines are split into separate permissions by Microsoft, so to meet least privilege you really need all four: Environment Maker, Desktop Flows Machine User, Desktop Flows Machine User Can Share, and Desktop Flows Machine Owner. I think it's a common trap to just pick Maker/Owner. Anyone disagree?
Need to assign all four: Environment Maker, Desktop Flows Machine User, Desktop Flows Machine User Can Share, and Desktop Flows Machine Owner. Microsoft splits permissions out pretty granularly-so sharing, running, creating, and ownership each have their own role. Keeps it tight for least privilege. Unless something in the scenario says otherwise, this combo fits best. Anyone see a reason to drop one?
