What's new in Microsoft Defender XDR Unified role-based access control (RBAC)

This article provides information about new features and important product updates for the latest release of Microsoft Defender XDR Unified role-based access control (RBAC).

January 2024

Microsoft Defender XDR Unified RBAC is now generally available to GCC High and DoD customers. To learn more about the supported workloads and supported data sources, see Microsoft Defender XDR Unified role-based access control (RBAC).

The process of importing roles from individual workloads' RBAC models into Microsoft Defender XDR Unified RBAC has been improved. Admins can now view the permissions and assignment of a role before importing it by clicking the role name at the roles to import selection stage.

December 2023

Microsoft Defender XDR Unified RBAC is now generally available

Microsoft Defender XDR Unified RBAC is now generally available. This offering is also available to GCC Moderate customers. To learn more about the supported workloads and supported data sources, see Microsoft Defender XDR Unified role-based access control (RBAC).

October 2023

Exchange Online permission management for Microsoft Defender for Office 365 is now supported in Microsoft Defender XDR Unified role-based access control (RBAC) providing full integration of Defender for Office 365 roles and permissions

Microsoft Defender XDR Unified Role-Based Access Control (RBAC) model now supports all security permission management scenarios for Microsoft Defender for Office 365.

In addition to the existing support for scenarios that are controlled by Email & collaboration roles (configured in the Microsoft Defender portal at https://security.microsoft.com/emailandcollabpermissions), Microsoft Defender XDR Unified RBAC now also supports the management of protection-related Exchange Online permissions, which could previously only be managed in the Exchange admin center (EAC) at https://admin.exchange.microsoft.com/#/adminRoles. To learn more about the Exchange Online permissions that are now supported, see Exchange Online permissions mapping.

September 2023

Export roles for Microsoft Defender XDR Unified role-based access control (RBAC)

Now you can easily export your existing roles in Unified RBAC to a CSV file. The exported file will include details such as the role name, the included permissions, the assigned users or user groups, and assigned data sources. When a role has multiple assignments, each assignment will be listed on a separate row in the CSV file. The CSV also includes a snapshot of the Unified RBAC activation status for each workload available on the tenant. For more information, see Edit, delete and export roles.

August 2023

Detection tuning and Security settings permissions

You can now assign a new granular permission called Detection tuning (manage) in Microsoft Defender 365 Unified RBAC. Granting the Detection Tuning (manage) permission allows security operations analysts to create and manage Custom Detection, Alerts Tuning, and Threat Indicators of Compromise rules without granting them the full Security Settings (manage) permission.

You can add the new permissions to a custom role by selecting Authorization and settings \ Security settings when creating or updating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.

The Security settings permission name has been updated to Core security settings. This change has no impact on existing roles and permissions.

Microsoft Defender Vulnerability Management permissions are now integrated with Microsoft Defender XDR Unified role-based access control (RBAC)

You can now control access and grant granular permissions for Microsoft Defender Vulnerability Management as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Microsoft Defender 365 Unified role-based access control (RBAC). You can add the new permissions to a custom role by selecting them from the Security posture permissions group when creating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.

Microsoft Secure Score permissions integration with Microsoft Defender XDR Unified role-based access control (RBAC) is now in Public Preview

You can control access and grant granular permissions for the Microsoft Secure Score experience as part of the Microsoft Defender XDR Unified RBAC model. For more information, see Manage permissions with Microsoft Defender XDR Unified role-based access control(RBAC).

A new file collection permission in Microsoft Defender XDR Unified RBAC is now in Public Preview

You can now assign a new granular permission in Microsoft Defender XDR Unified RBAC that allows users to collect or download files for analysis. This permission enables Microsoft Defender for Endpoint users download files directly from the file page and during a live response investigation in the live response console. You can add the new permission to a custom role by selecting it from the Security operations permissions group when creating the role. For more information, see Create custom roles with Microsoft Defender XDR Unified RBAC.

For more information on what's new with other Microsoft Defender security products, see:

• What's new in Microsoft Defender Vulnerability Management
• What's new in Microsoft Defender for Endpoint
• What's new in Microsoft Defender XDR
• What's new in Microsoft Defender for Office 365
• What's new in Microsoft Defender for Identity
• What's new in Microsoft Defender for Cloud Apps