Forum Discussion

Stephan G's avatar
Stephan G
Brass Contributor
Jan 13, 2020
Solved

Quarantine Administrator - more rights needed?

Hi everyone,   i tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins. After mail enabling the user object in Exchange on prem (which is needed btw) the user can ac...
  • Stephan G's avatar
    Stephan G
    Feb 17, 2020
    Issue resolved - the role has been deployed. After that - Exchange Admins could no longer access the quarantine mails. I had to add them to "Quarantine Administrator" so that they can proceed.
Stephan G's avatar
Stephan G
Brass Contributor
Feb 17, 2020
Issue resolved - the role has been deployed. After that - Exchange Admins could no longer access the quarantine mails. I had to add them to "Quarantine Administrator" so that they can proceed.
Anonymous2115's avatar
Anonymous2115
Copper Contributor
Jan 11, 2023
How can I assign the quarantine admin role to a user? I can't find that role in admin center.
  • Kevin_Crouch's avatar
    Kevin_Crouch
    Brass Contributor
    Apr 18, 2023

    Anonymous2115 

    If you have the newer Defender Unified RBAC/"Microsoft 365 Defender" roles (which I believe requires certain levels of Defender licensing, possibly Defender for Office 365 P2, but I am not certain) - you should probably use this https://security.microsoft.com/mtp_roles (you may have to migrate/import existing permissions from Endpoint/Email and Collaboration permissions, such as Security Administrator or Security Operator, or Quarantine Administrator)

     

    If not, you may still be using Email and Collaboration Roles - which you should be able to check and access here to set Quarantine Administrator https://security.microsoft.com/emailandcollabpermissions

    Not directly related to your issue, but may be related to IMPORTING any permissions to Defender Unified RBAC are:
    Defender Endpoint Permissions: https://security.microsoft.com/preferences2/user_roles
    Azure AD Roles: https://security.microsoft.com/aadpermissions
    Cloud App Security Roles: https://security.microsoft.com/cloudapps/permissions/roles
    Email and Collaboration Roles: https://security.microsoft.com/emailandcollabpermissions


    But, again, I would highly encourage you to move to Defender Unified RBAC if it is available to you to simplify things. This article should walk through enabling RBAC if you can: https://learn.microsoft.com/en-us/microsoft-365/security/defender/activate-defender-rbac?view=o365-worldwide

     

    And then you should be able to access/migrate to the RBAC Roles here: https://security.microsoft.com/mtp_roles 

     

    You may have all of these, you may have two of these, you may just have one of them. I have tenants that have been around for various points as they created the Defender Endpoint roles and started centralizing/combining role permissions to all the Defender products, so I think I have all of them, or nearly all. Best advice is just try each one of the portal links mentioned above and you may be able to see them in your own environment here https://security.microsoft.com/securitypermissions 

    Where possible, use the newer style of permissions to avoid having to migrate later. 

     

Resources