Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article provides information about new features and important product updates for the latest release of Microsoft Defender XDR Unified role-based access control (RBAC).
March 2025
Starting March 2, 2025, new Microsoft Defender for Identity tenants will have the Unified RBAC model as their default permissions model. They won't be able to export roles and permissions from the current model. Existing Defender for Identity tenants will maintain their current roles and permissions configuration.
February 2025
Starting February 16, 2025, the Microsoft Defender XDR Unified RBAC model is the default permissions model for new Microsoft Defender Endpoint tenants. These new tenants won't have the capability to export roles and permissions from the current model. Defender for Endpoint tenants with roles and permissions assigned or exported prior to this date will maintain their current roles and permissions configuration.
November 2024
Microsoft Defender for Cloud Apps permissions are now integrated with Microsoft Defender XDR Unified role-based access control (RBAC)
You can control access and grant granular permissions for Microsoft Defender for Cloud Apps as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Map Microsoft Defender for Cloud Apps permissions to the Microsoft Defender XDR Unified RBAC permissions. To activate the Defender for Cloud Apps workload, see Activate Microsoft Defender XDR Unified RBAC.
May 2024
The permissions model to access Email & collaboration schema in advanced hunting for Microsoft Defender for Office 365 customers has been updated to align with Threat Explorer.
As part of this change, customers who are using Microsoft Defender XDR Unified RBAC with Defender for Office 365 should use the Security operations \ Raw data \ Email & collaboration metadata (read) permission to grant analysts access to the Email & collaboration schema in advanced hunting.
Users with the Security operations \ Security data \ Security data basics (read) permission for Defender for Office 365 will no longer have access to the Email & collaboration schema in advanced hunting, but will keep their access to the Alerts & behaviors schema.
January 2024
Microsoft Defender XDR Unified RBAC is now generally available to GCC High and DoD customers. To learn more about the supported workloads and supported data sources, see Microsoft Defender XDR Unified role-based access control (RBAC).
The process of importing roles from individual workloads' RBAC models into Microsoft Defender XDR Unified RBAC has been improved. Admins can now view the permissions and assignment of a role before importing it by clicking the role name at the roles to import selection stage.
December 2023
Microsoft Defender XDR Unified RBAC is now generally available
Microsoft Defender XDR Unified RBAC is now generally available. This offering is also available to GCC Moderate customers. To learn more about the supported workloads and supported data sources, see Microsoft Defender XDR Unified role-based access control (RBAC).
October 2023
Exchange Online permission management for Microsoft Defender for Office 365 is now supported in Microsoft Defender XDR Unified role-based access control (RBAC) providing full integration of Defender for Office 365 roles and permissions
Microsoft Defender XDR Unified Role-Based Access Control (RBAC) model now supports all security permission management scenarios for Microsoft Defender for Office 365.
In addition to the existing support for scenarios that are controlled by Email & collaboration roles (configured in the Microsoft Defender portal at https://security.microsoft.com/emailandcollabpermissions), Microsoft Defender XDR Unified RBAC now also supports the management of protection-related Exchange Online permissions, which could previously only be managed in the Exchange admin center (EAC) at https://admin.exchange.microsoft.com/#/adminRoles. To learn more about the Exchange Online permissions that are now supported, see Exchange Online permissions mapping.
September 2023
Export roles for Microsoft Defender XDR Unified role-based access control (RBAC)
Now you can easily export your existing roles in Defender XDR Unified RBAC to a CSV file. The exported file will include details such as the role name, the included permissions, the assigned users or user groups, and assigned data sources. When a role has multiple assignments, each assignment will be listed on a separate row in the CSV file. The CSV also includes a snapshot of the Defender XDR Unified RBAC activation status for each workload available on the tenant. For more information, see Edit, delete and export roles.
August 2023
Detection tuning and Security settings permissions
You can now assign a new granular permission called Detection tuning (manage) in Microsoft Defender XDR Unified RBAC. Granting the Detection Tuning (manage) permission allows security operations analysts to create and manage Custom Detection, Alerts Tuning, and Threat Indicators of Compromise rules without granting them the full Security Settings (manage) permission.
You can add the new permissions to a custom role by selecting Authorization and settings \ Security settings when creating or updating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.
The Security settings permission name has been updated to Core security settings. This change has no impact on existing roles and permissions.
Microsoft Defender Vulnerability Management permissions are now integrated with Microsoft Defender XDR Unified role-based access control (RBAC)
You can now control access and grant granular permissions for Microsoft Defender Vulnerability Management as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Microsoft Defender 365 Unified role-based access control (RBAC). You can add the new permissions to a custom role by selecting them from the Security posture permissions group when creating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.
Microsoft Secure Score permissions integration with Microsoft Defender XDR Unified role-based access control (RBAC) is now in Public Preview
You can control access and grant granular permissions for the Microsoft Secure Score experience as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Manage permissions with Microsoft Defender XDR Unified role-based access control(RBAC).
A new file collection permission in Microsoft Defender XDR Unified RBAC is now in Public Preview
You can now assign a new granular permission in Microsoft Defender XDR Unified RBAC that allows users to collect or download files for analysis. This permission enables Microsoft Defender for Endpoint users download files directly from the file page and during a live response investigation in the live response console. You can add the new permission to a custom role by selecting it from the Security operations permissions group when creating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.
For more information on what's new with other Microsoft Defender security products, see: