Редагувати

Поділитися через


Import roles to Microsoft Defender XDR Unified role-based access control (RBAC)

Applies to:

Import roles to Microsoft Defender XDR Unified RBAC from individual RBAC models

You can import existing roles that are maintained as part of individual supported products in Microsoft Defender XDR (for example, Microsoft Defender for Endpoint) to the Microsoft Defender XDR Unified RBAC model.

Importing roles will migrate and maintain the roles with full parity in relation to their permissions and user assignments in the Microsoft Defender XDR Unified RBAC model.

Note

Once roles are migrated, you can modify the imported roles and change the level of permissions as needed.

The following steps guide you on how to import roles into Microsoft Defender XDR Unified RBAC:

Important

You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the Authorization permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see Permission pre-requisites. Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

  1. Sign in to the Microsoft Defender portal.

  2. In the navigation pane, select Permissions.

  3. Select Roles under Microsoft Defender XDR to get to the Permissions and roles page.

  4. Select Import role.

  5. Select the products you want to import roles from.

    Screenshot of the import workloads page

  6. Select Next to choose the roles to import. You can choose all roles or select specific roles from the list. Select the role name to review the permissions and assigned users or groups for that specific role.

  7. Select the roles you want to import and select Next.

    Note

    If the role you want to import appears in the Roles not eligible for import list, it contains assignments for users or user groups that no longer exist in Entra ID.

    To import this role to Microsoft Defender XDR Unified RBAC, remove the user or user group from the role in the original RBAC model. Select the role to view the list of users that still exist for that role to determine which user or group to remove.

  8. Select Submit.

  9. Select Done on the confirmation page.

Now that you have imported your roles you will be able to View and edit roles and activate the workloads.

For the Microsoft Defender XDR security portal to start enforcing the permissions and assignments configured in your new or imported roles, you'll need to activate the new Defender XDR Unified RBAC model. For more information, see Activate the workloads.

Imported roles appear in the Permissions and roles list together with any custom roles you might have created. All imported roles will be marked as Imported in the description. Once you edit an imported role it will no longer be marked as Imported.

Note

You can import roles as frequently as required. After you edit an imported role, the changes will not affect the original role where it was imported from. This means you have the option to delete an imported role and re-import the original role, if required. If you import the same role twice you will create a duplicate role.

Next steps

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.