Forum Discussion

Stephan G's avatar
Stephan G
Brass Contributor
Jan 13, 2020
Solved

Quarantine Administrator - more rights needed?

Hi everyone,   i tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins. After mail enabling the user object in Exchange on prem (which is needed btw) the user can ac...
  • Stephan G's avatar
    Stephan G
    Feb 17, 2020
    Issue resolved - the role has been deployed. After that - Exchange Admins could no longer access the quarantine mails. I had to add them to "Quarantine Administrator" so that they can proceed.
Stephan G's avatar
Stephan G
Brass Contributor
Jan 14, 2020

Got this mail today stating

"On February 10, 2020, we are updating the roles required to access and manage Quarantine"

 

If you use Exchange Online RBAC roles to manage Quarantine then you will need to assign the Security and Compliance Center Security Administrator or Quarantine Administrator role to the user(s) that require access to Quarantine.

You do not need to modify the existing Exchange Online roles.

 

Does it mean i have to set the Exchange Quarantine Role additional?

 

 

  • Stephan G's avatar
    Stephan G
    Brass Contributor
    Feb 17, 2020
    Issue resolved - the role has been deployed. After that - Exchange Admins could no longer access the quarantine mails. I had to add them to "Quarantine Administrator" so that they can proceed.
    • Anonymous2115's avatar
      Anonymous2115
      Copper Contributor
      Jan 11, 2023
      How can I assign the quarantine admin role to a user? I can't find that role in admin center.
      • Kevin_Crouch's avatar
        Kevin_Crouch
        Brass Contributor
        Apr 18, 2023

        Anonymous2115 

        If you have the newer Defender Unified RBAC/"Microsoft 365 Defender" roles (which I believe requires certain levels of Defender licensing, possibly Defender for Office 365 P2, but I am not certain) - you should probably use this https://security.microsoft.com/mtp_roles (you may have to migrate/import existing permissions from Endpoint/Email and Collaboration permissions, such as Security Administrator or Security Operator, or Quarantine Administrator)

         

        If not, you may still be using Email and Collaboration Roles - which you should be able to check and access here to set Quarantine Administrator https://security.microsoft.com/emailandcollabpermissions

        Not directly related to your issue, but may be related to IMPORTING any permissions to Defender Unified RBAC are:
        Defender Endpoint Permissions: https://security.microsoft.com/preferences2/user_roles
        Azure AD Roles: https://security.microsoft.com/aadpermissions
        Cloud App Security Roles: https://security.microsoft.com/cloudapps/permissions/roles
        Email and Collaboration Roles: https://security.microsoft.com/emailandcollabpermissions


        But, again, I would highly encourage you to move to Defender Unified RBAC if it is available to you to simplify things. This article should walk through enabling RBAC if you can: https://learn.microsoft.com/en-us/microsoft-365/security/defender/activate-defender-rbac?view=o365-worldwide

         

        And then you should be able to access/migrate to the RBAC Roles here: https://security.microsoft.com/mtp_roles 

         

        You may have all of these, you may have two of these, you may just have one of them. I have tenants that have been around for various points as they created the Defender Endpoint roles and started centralizing/combining role permissions to all the Defender products, so I think I have all of them, or nearly all. Best advice is just try each one of the portal links mentioned above and you may be able to see them in your own environment here https://security.microsoft.com/securitypermissions 

        Where possible, use the newer style of permissions to avoid having to migrate later. 

         

Resources