slaimer
Mar 03, 2023
Copper Contributor
Least privileged role for the "Suspend user in AAD" action
Hello, we try to find the least privileged role for our SOC members to be able to have the "Suspend user in AAD" and "Require user to sign in again" actions available in the user page of Microsoft 365...
DeanPickering
Microsoft
Mar 07, 2023
Hey Stefan,
For AAD response actions, this does require an AAD role outside of M365D RBAC. The least privilege permission as it stands today is Security Admin.
HTH,
Dean.
- slaimer
Mar 07, 2023
Copper Contributor
Hi Dean
I wouldn't have guessed this role, especially since none of the actions in https://learn.microsoft.com/en-us/azure/active-directory/roles/permissions-reference#security-administrator seem to allow actions against users.
We will weigh which role to use, but will probably stick with authentication admin for now.
Are there any plans to integrate these AzureAD (and Active Directory/MDI) response permissions into Defender RBAC?
Best regards