Microsoft Defender XDR Unified role-based access control (RBAC)
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
- Microsoft Defender for Identity
- Microsoft Defender for Office 365 P2
- Microsoft Defender Vulnerability Management
Some information in this article relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Defender XDR provides integrated threat protection, detection, and response across endpoints, email, identities, applications, and data within a single portal. Controlling a user's permissions around their access to view data or complete tasks is essential for organizations to minimize the risks associated with unauthorized access.
The Microsoft Defender XDR Unified role-based access control (RBAC) model provides a single permissions management experience that provides one central location for administrators to control user permissions across different security solutions.
What's supported by the Microsoft Defender XDR Unified RBAC model
Centralized permissions management is supported for the following solutions:
|Microsoft Defender XDR||Centralized permissions management for Microsoft Defender XDR experiences.|
|Microsoft Defender for Endpoint||Full support for all endpoint data and actions. All roles are compatible with the device group's scope as defined on the device groups page.|
|Microsoft Defender Vulnerability Management||Centralized permissions management for all Defender Vulnerability Management capabilities.|
|Microsoft Defender for Office 365||Full support for all email & collaboration data and actions scenarios that are controlled by Exchange Online Protection roles (EOP) as well as scenarios controlled by Exchange Online (EXO).
Note: The Microsoft Defender XDR RBAC model will initially be available for organizations with Microsoft Defender for Office Plan 2 licenses only. This capability is not available to users on trial licenses.
Granular delegated admin privileges (GDAP) is not supported.
Remote PowerShell is not supported.
|Microsoft Defender for Identity||Full support for all identity data and actions.
Note: Defender for Identity experiences will also adhere to permissions granted from Microsoft Defender for Cloud Apps. For more information, see Microsoft Defender for Identity role groups.
|Microsoft Secure Score||Full support for all Secure Score data from the Products included in Secure Score.|
Scenarios and experiences controlled by Compliance permissions are still managed in the Microsoft Purview compliance portal.
This offering isn't currently available for Microsoft Defender for CloudApps.
Before you start
This section provides useful information on what you need to know before you start using Microsoft Defender XDR Unified RBAC.
Unified RBAC - Preview experience is currently not available for US Government customers using GCC and GCC High.
You must be a Global Administrator or Security Administrator in Microsoft Entra ID to:
Gain initial access to Permissions and roles in the Microsoft Defender portal.
Manage roles and permissions in Microsoft Defender XDR Unified RBAC.
Create a custom role that can grant access to security groups or individual users to manage roles and permissions in Microsoft Defender XDR unified RBAC. This will remove the need for Microsoft Entra global roles to manage permissions. To do this you need assign the Authorization permission in Microsoft Defender XDR Unified RBAC. For details on how to assign the Authorization permission, see Create a role to access and manage roles and permissions.
The Microsoft Defender XDR security solution will continue to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads i.e. Global Admins will retain assigned admin privileges.
Migration of existing roles and permissions
The new Microsoft Defender XDR Unified RBAC model provides easy migration of the existing permissions in the individual supported unified RBAC models to the new RBAC model.
All permissions listed within the Microsoft Defender XDR Unified RBAC model align to permissions in the individual RBAC models to ensure backward compatibility. For more information on how the permissions align, see Map permissions in Microsoft Defender XDR unified role-based access control (RBAC).
Activation of the Microsoft Defender XDR Unified RBAC model
You must activate the workloads in Microsoft Defender XDR to use the Microsoft Defender XDR Unified RBAC model. Until activated, Microsoft Defender XDR will continue to respect the existing RBAC models. For more information, see Activate Microsoft Defender XDR Unified RBAC.
When you activate some or all of your workloads to use the new permission model, the roles and permissions for these workloads will be fully controlled by the Microsoft Defender XDR Unified RBAC model in the Microsoft Defender portal.
Start using Microsoft Defender XDR Unified RBAC model
Use the following steps as a guide to start using the Microsoft Defender XDR Unified RBAC model:
Get started with creating custom roles and importing roles from existing RBAC role models
Activate and manage your roles with the Microsoft Defender XDR Unified RBAC model
Learn more about the Microsoft Defender XDR Unified RBAC model
Watch the following video to see the steps above in action:
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.