Assign user access
Applies to:
- Microsoft Entra ID
- Office 365
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
Defender for Endpoint supports two ways to manage permissions:
- Basic permissions management: Set permissions to either full access or read-only.
- Role-based access control (RBAC): Set granular permissions by defining roles, assigning Microsoft Entra user groups to the roles, and granting the user groups access to device groups. For more information on RBAC, see Manage portal access using role-based access control.
Note
If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch:
- Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Microsoft Entra ID), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Microsoft Entra user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC. Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC.
- Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Microsoft Entra user groups can be assigned a role under RBAC.
- After switching to RBAC, you will not be able to switch back to using basic permissions management.
Device group creation is supported in Defender for Endpoint Plan 1 and Plan 2.
Related topics
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
フィードバック
https://aka.ms/ContentUserFeedback」を参照してください。
以下は間もなく提供いたします。2024 年を通じて、コンテンツのフィードバック メカニズムとして GitHub の issue を段階的に廃止し、新しいフィードバック システムに置き換えます。 詳細については、「フィードバックの送信と表示