Forum Discussion

drivesafely's avatar
drivesafely
Iron Contributor
Feb 20, 2025

Edit Policy Permission Issue in MDE Portal

Dear All,   We are facing an issue with permission assignments in the MDE portal.   We assigned the following permissions to the account (e.g., email address removed for privacy reasons):   - MDE ...
saulov8's avatar
saulov8
MCT
Feb 20, 2025

Have you tried assign more Intune permissions to the account? When MDE is integrated with Intune, endpoint security policies are managed in Intune. These policies are configured in the Intune admin center and enforced via MDE, meaning you need more Intune permissions than Read Only Operator to create them.

drivesafely's avatar
drivesafely
Iron Contributor
Feb 20, 2025

Hello saulov8 

Thanks for your response.

I've created an Intune custom role with permissions for ASR, and the user can now edit/create ASR policies. Could you confirm which permissions are needed for other policies like Antivirus, Windows Security Experience, etc.?

Thanks

  • saulov8's avatar
    saulov8
    MCT
    Feb 20, 2025

    Maybe try the Endpoint Security Manager role

    • drivesafely's avatar
      drivesafely
      Iron Contributor
      Feb 22, 2025

      Hello saulov8 

      I have tested the Endpoint Security Manager role, and while it functions as expected, it also grants additional permissions beyond what we require, which is not ideal.

      Thanks.

      • drivesafely's avatar
        drivesafely
        Iron Contributor
        Feb 23, 2025

        Hello All,

        After testing different permissions, i was able to give right to edit the policies by creating custom role with permissions - 'Attack Surface Reduction' and 'Security baselines'.