Share via

Role & Permissions

Son man 20 Reputation points
Oct 8, 2024, 8:50 PM

What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft defender portal?

From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no other built-in roles exist for it?

Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
214 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
22,301 questions
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint Training
Microsoft Defender for Endpoint: A Microsoft unified security platform for preventative protection, postbreach detection, and automated investigation and response. Previously known as Microsoft Defender Advanced Threat Protection.Training: Instruction to develop new skills.
51 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Vasil Michev 108.7K Reputation points MVP
    Oct 9, 2024, 6:45 AM

    Defender supports granular RBAC permissions, so you can just use that instead of the Entra roles. You can even create custom roles with just the permissions you need, read here: https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles

    1 person found this answer helpful.
    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.