A small-business owner purchases a subscription to a cloud-based productivity tool suite and needs to set it up across all company devices. The owner wants to configure the software to follow the principle of least privilege. Which of the following should the owner do to configure the productivity tools effectively?

Multifactor authentication adds an extra layer of security by requiring users to provide multiple forms of verification before accessing the productivity tools. While this is a good security practice, it does not directly relate to configuring the software with the principle of least privilege.

Updating devices before installing the productivity tools is important for security and compatibility reasons but does not specifically address the principle of least privilege. This action ensures that the devices have the latest patches and features but does not limit user permissions based on their roles.

Setting up automatic data backups to the cloud is crucial for data protection and disaster recovery but is not directly related to configuring the software with the principle of least privilege. While data backups are essential, they do not restrict user access based on their roles within the organization.