Defender supports granular RBAC permissions, so you can just use that instead of the Entra roles. You can even create custom roles with just the permissions you need. Read here: https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles
Role & Permissions
Son man
What are the correct roles or permissions to let a user read and edit the email threat policies in the Microsoft Defender portal?
From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no other built-in roles exist for it?