1,562 questions
Hi there, You can use this doc and add the role to custom PIM enabled security group:
How to use PIM with role permissions in Microsoft 365 Defender?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 87%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Kiril
96
Reputation points
We are using PIM for admin role management. However, some of the functionality in Microsoft 365 Defender requires additional roles, which are not part of being e.g. a Security Administrator. In order to do a "Hard Delete" action on phishing e-mails, you need an additional Search and Purge role assigned in the Microsoft 365 Defender as stated here: https://learn.microsoft.com/en-us/microsoft-365/security/defender/m365d-action-center?view=o365-worldwide#required-permissions-for-action-center-tasks.
How can I assign the additional Surge and Purge role using PIM?
Microsoft Security | Microsoft Defender | Microsoft Defender for Cloud
Microsoft Security | Microsoft Entra | Other
2,597 questions
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator2023-03-06T13:12:56.0433333+00:00 Hi @Kiril ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept Answer" which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks, Shweta
Sign in to comment
Accepted answer
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2023-03-02T17:52:16.6133333+00:00 -
Kiril 96 Reputation points
2023-03-03T12:30:28.1133333+00:00 Thank you for the link, looks exactly like the use case I needed. One question though about the steps described here:
There are two different roles sections which can be used for the same thing. I can create a Surge and Purge role in Microsoft 365 Defender and Email & collaboration roles. Is there any difference?
-
Kiril 96 Reputation points
2023-03-03T12:51:50.4733333+00:00 One question about the Permissions in https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/use-privileged-identity-management-in-defender-for-office-365?view=o365-worldwide#create-a-role-group-requiring-the-permissions-we-need.
What is the difference between Roles in Microsoft 365 Defender and Roles in Email & collaboration?
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator
2023-03-03T12:57:14.8166667+00:00 yes its the same role. I assigned under the "Email" role section and it works as expected:
Sign in to comment -