Forum Discussion
Defender RBAC - Grant at least privileged for Quarantine handling NOT WORKING
- MarcinRDR (Copper Contributor), Mar 12, 2024
I've still got problems with this configuration.
What is the status of resolving this case?
Does anyone have a similar problem?
In my opinion this is important for the quarantine handling features.
- HeikeRitter (Microsoft), Mar 12, 2024
MarcinRDR Hi Marcin, FaithEbenezerOquong wrote earlier that this is by design.
- MarcinRDR (Copper Contributor), Mar 13, 2024
OK, I understand.
I'm wondering why there is a "content read" option in Defender RBAC if I cannot use it to handle quarantine without message content view for my sub-admins (only manage mail).
For example, an admin can increase the phish and spam threshold.
As a result, many false positive messages are forwarded to quarantine.
The admin can read the content of most of the confidential VIPs' emails.
In some malicious cases, an admin can leverage this design to read the content of confidential messages.
Anyway, thanks for the information.
- FaithEbenezerOquong (Microsoft), Feb 05, 2024
MarcinRDR, thanks for bringing this feedback to our attention.
After investigation into the concern you raised, we have found that this is by design.
The Security Reader role has the permission to review and preview all messages that have been quarantined for all users in the organization. See: Manage quarantined messages and files as an admin | Microsoft Learn
Please note that this is specifically for quarantined messages. This does not apply to messages that have already made it to the user's inbox folder.
This design has always existed, prior to the Unified role-based access control feature.
- MarcinRDR (Copper Contributor), Feb 06, 2024
Hi,
Thanks for the answer.
My users are assigned only to Defender RBAC.
The tested user has not been assigned the security reader or security admin role in Entra ID.
The user has not been assigned to any roles in Entra ID or Azure RBAC.