Your organization needs to give a security analyst access to view and manage Defender for Office 365 settings. However, you want to limit their access to prevent any potential changes to other Microsoft 365 services. Which of the following role assignments would be the most appropriate?