Security Center Permissions

Roger Roger 6,246 Reputation points
2021-07-26T13:56:39.893+00:00

Hi All

i have a user and i would like to give him Read permissions to security center(https://securitycenter.microsoft.com/). If i add him to the Role Security reader in Azure AD, Will it work me. Please guide me.

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,384 questions
0 comments No comments
{count} votes

Accepted answer
  1. JamesTran-MSFT 36,626 Reputation points Microsoft Employee
    2021-07-26T21:16:14.87+00:00

    @Roger Roger
    Thank you for your post!

    Assigning the Security Reader role in AzureAD to your user will work. However, keep in mind that you can assign this at the Azure AD or resource level with Azure RBAC (IAM). Depending on your requirements, the Azure AD Security Reader role and the Azure RBAC Security Reader role will give you a different set of permissions. For example, the AzureAD role will give a user global read-only access for security-related features, while the RBAC role will give the user view permissions (recommendations, alerts, a security policy, and security states) for Security Center.

    For more info:
    Azure AD Security Reader
    Azure RBAC Security Reader
    Permissions in Azure Security Center

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


1 additional answer

Sort by: Most helpful
  1. Cristian SPIRIDON 4,476 Reputation points
    2021-07-26T20:39:20.593+00:00

    Hi,

    If you want to assign roles for Defender for Endpoint, following article might help you.
    You will find different roles permissions and you will have to choose the ones that works for you:

    https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide

    Hope this helps.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.