Microsoft Defender XDR provides integrated threat protection, detection, and response across endpoints, email, identities, applications, and data within a single portal. Controlling a user's permissions around their access to view data or complete tasks is essential for organizations to minimize the risks associated with unauthorized access.
The Microsoft Defender XDR Unified role-based access control (RBAC) model provides a single permissions management experience that provides one central location for administrators to control user permissions across different security solutions.
What's supported by the Microsoft Defender XDR Unified RBAC model
Centralized permissions management is supported for the following solutions:
Solution: Microsoft Defender XDR
Description: Centralized permissions management for Microsoft Defender XDR experiences.
Solution: Microsoft Defender for Endpoint
Description: Full support for all endpoint data and actions. All roles are compatible with the device group's scope as defined on the device groups page.
Solution: Microsoft Defender Vulnerability Management
Description: Centralized permissions management for all Defender Vulnerability Management capabilities.
Solution: Microsoft Defender for Office 365
Description: Full support for all data and actions.
Note: Initially, the Microsoft Defender XDR RBAC model is available only for organizations with Microsoft Defender for Office 365 Plan 2 licenses (trial licenses aren't supported).
Manage roles and permissions in Microsoft Defender XDR Unified RBAC
Create a custom role that grants security groups or individual users the ability to manage roles and permissions in Microsoft Defender XDR Unified RBAC. This removes the need for Microsoft Entra global roles to manage permissions. To do this, assign the Authorization permission in Microsoft Defender XDR Unified RBAC. For details on how to assign the Authorization permission, see Create a role to access and manage roles and permissions.
The Microsoft Defender XDR security solution continues to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads; that is, Global Administrators retain their assigned administrator privileges.
Important: Global Administrator is a highly privileged role that should be limited to scenarios where you can't use an existing role.
Migration of existing roles and permissions
The new Microsoft Defender XDR Unified RBAC model provides straightforward migration of existing permissions from the individual RBAC models of the supported solutions into the new RBAC model.
Activation of the Microsoft Defender XDR Unified RBAC model
You must activate the workloads in Microsoft Defender XDR to use the Microsoft Defender XDR Unified RBAC model. Until activated, Microsoft Defender XDR continues to respect the existing RBAC models. For more information, see Activate Microsoft Defender XDR Unified RBAC.
When you activate some or all of your workloads to use the new permission model, the roles and permissions for these workloads are fully controlled by the Microsoft Defender XDR Unified RBAC model in the Microsoft Defender portal.
Start using Microsoft Defender XDR Unified RBAC model
Use the following steps as a guide to start using the Microsoft Defender XDR Unified RBAC model:
Get started with creating custom roles and importing roles from existing RBAC role models