G_Man
Copper Contributor
Aug 08, 2024

Help with custom role for Service desk staff

I've been tasked with granting members of our Service desk the ability to perform 2 specific actions against user accounts within the Defender portal. Please see attached screenshot.

  • Suspend user in Entra ID

  • Require user to sign in again

Does anyone know if this is possible? I can't find any Microsoft documentation explaining what level of permission is required to perform these actions.

 

Regards,

Graham

  • micheleariis
    Steel Contributor
    Hi, for response actions on Entra ID, you need an Entra ID role outside the RBAC of Defender XDR.

    Suspend User in Entra ID:
    To suspend a user in Entra ID, you need to have the appropriate permissions in Microsoft Entra ID.
    This action typically requires the User Administrator or Identity Governance Administrator role.

    Require User to Sign In Again:
    This action can be performed by users with the Security Administrator or Global Administrator role in Microsoft Entra.
    This role allows you to manage security settings and enforce sign-in policies.
    • G_Man
      Copper Contributor
      Thank you, I will give that a go!
      • micheleariis
        Steel Contributor
        I hope I was helpful.
        Maybe in the future you can have more granular controls on these operations.
        If the answer was satisfactory, mark it as the best.
