Hi, @Son man
From your description, I understand that you need more granular management of roles and permissions. I'm just offering a few suggestions from an Exchange Online perspective.
The roles and permissions to manage spam and phishing email threat policies include:
Global admin: The global admin has the highest privileges to manage all settings and features in your organisation, including the configuration and management of spam and phishing policies.
Security Administrator: The Security Administrator role focuses on security-related tasks, including managing email threat policies, viewing and editing security reports, and more.
Compliance administrators: Compliance administrators can manage compliance-related settings and policies, including email retention policies and data loss prevention (DLP) policies.
Exchange Administrators: Exchange administrators can manage all settings in Exchange Online, including mail flow rules, spam filtering, and phishing prevention policies.
You can assign the above permissions and roles to users as needed.
These higher-privileged roles aren't the only ones, and in order to adjust permissions to a lower scope, you can create custom roles with specific permissions to suit your needs. This can help restrict access to only necessary features without granting full administrative privileges. Similarly, you can assign a Global Reader or a Security Reader to allow other users to view the policy without any modifications.
For more information on how to create a custom role in Exchange Online, you can check out this article: Manage role groups in Exchange Online | Microsoft Learn.
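One way to build the lower-scope custom role mentioned in the answer above, shown as an added example that is not part of the original answer or Microsoft's own code. It assumes the ExchangeOnlineManagement module is installed and that the built-in "Transport Hygiene" role is a suitable parent for anti-spam policy cmdlets; the role name, role group name and accounts are hypothetical placeholders.

```powershell
# Added example: a read-only custom role for mail hygiene (anti-spam) policy settings.
# Assumptions: "Transport Hygiene" is the parent role; all names and accounts below are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder admin account

$parentRole = 'Transport Hygiene'
$customRole = 'Spam Policy Viewer'           # hypothetical role name
$roleGroup  = 'Spam Policy Viewers'          # hypothetical role group name
$members    = 'helpdesk1@contoso.example'    # placeholder member

# Some tenants must run Enable-OrganizationCustomization once before custom roles can be created.

# A custom role starts as a copy of its parent and can only contain
# entries (cmdlets) that exist in that parent.
New-ManagementRole -Name $customRole -Parent $parentRole

# Remove every entry that is not a Get-* cmdlet, leaving a view-only role.
Get-ManagementRoleEntry "$customRole\*" |
    Where-Object { $_.Name -notlike 'Get-*' } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$customRole\$($_.Name)" -Confirm:$false
    }

# Review what is left before assigning the role to anyone.
Get-ManagementRoleEntry "$customRole\*" | Sort-Object Name | Format-Table Name, Role

# Create the role group, attach only the trimmed role, and add the members.
New-RoleGroup -Name $roleGroup -Roles $customRole -Members $members `
    -Description 'View-only access to mail hygiene policy settings'

# Verify the assignment: the group should hold the custom role and nothing else.
Get-RoleGroup -Identity $roleGroup | Format-List Name, Roles, Members
Get-ManagementRoleAssignment -RoleAssignee $roleGroup |
    Format-Table Name, Role, RoleAssigneeName

Disconnect-ExchangeOnline -Confirm:$false
```

To allow specific edits instead of view-only access, change the `Where-Object` filter so that the cmdlets to be permitted are kept, and check the remaining entries with `Get-ManagementRoleEntry` before assigning the group.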