Forum Discussion
MarcinRDR
Jan 31, 2024
Copper Contributor
Defender RBAC - Grant at least privileged for Quarantine handling NOT WORKING
Hi everyone, I've already deployed new Defender RBAC permission. I want to assign permission for quarantine message handling WITHOUT Preview Message option. I've configured Defender RBAC in fol...
HeikeRitter
Microsoft
Mar 12, 2024
MarcinRDR Hi Marcin, FaithEbenezerOquong wrote earlier that this is by design.
MarcinRDR
Mar 13, 2024
Copper Contributor
Ok I understand.
I'm wondering why there is a "content read" option in Defender RBAC if I cannot use it to handle quarantine without message content view for my sub admins (only manage mail).
For example, an admin can increase the phish and spam threshold.
As a result, many false positive messages are forwarded to quarantine.
The admin can read the content of most confidential VIP emails.
In some malicious cases, an admin can leverage this design to read the content of confidential messages.
Anyway thanks for information.
- Marina_Kidron
Mar 13, 2024
Former Employee
Hi Marcin,
Let me resurface Faith's response above.
We make the distinction between reading the content of bad emails vs all emails.
Any security analyst can Preview email content for Quarantined emails, to decide if this email should be released or not. This is available for the Entra ID Security Reader as well.
To Preview all emails across the organization, including those that are in the inbox of some users, a security analyst will need an additional permission, Security Operations/Email & collaboration content (read) permission in Defender XDR (or EOP Preview role).