Forum Discussion
SKadish
Feb 15, 2024 (Brass Contributor)
Security Operator, but can add to TABL
I currently have the Entra ID Security Operator PIM role activated, and I am able to add email addresses to the TABL, as well as manage Anti-Spam and Anti-Phishing policies. In the past, I've need...
G_Wilson3468
Feb 21, 2024 (Iron Contributor)
According to the documentation you need to be a member in one of these role groups:
Exchange Online permissions:
1. Organization Management or Security Administrator
2. Security Operator (Tenant AllowBlockList Manager)
Entra ID permissions:
Global Admin, Security Admin, Global Reader, Security Reader
Allow or block email using the Tenant Allow/Block List | Microsoft Learn
My impression here is that because of the unified RBAC model this role had to be modified to work.
Hope this helps.
G.
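One way to see who actually holds the Exchange Online role named in the answer above, as an added example that is not part of the original thread. It assumes the ExchangeOnlineManagement module and an existing `Connect-ExchangeOnline` session; the function name `Get-TablRoleHolder` and its parameters are hypothetical, and the role name is taken from the answer.

```powershell
# Added example (not from the thread). Run inside an existing
# Connect-ExchangeOnline session with rights to read role assignments.
function Get-TablRoleHolder {
    param(
        # Role name as quoted in the answer above
        [string]$Role = 'Tenant AllowBlockList Manager',
        # Optional account to check (hypothetical parameter of this example)
        [string]$UserPrincipalName
    )

    if ($UserPrincipalName) {
        # -RoleAssignee returns direct assignments and those inherited
        # through role groups, so an empty result means Exchange Online
        # RBAC does not grant this role to the account.
        return Get-ManagementRoleAssignment -Role $Role -RoleAssignee $UserPrincipalName |
            Select-Object Role, RoleAssigneeName, RoleAssigneeType, Enabled
    }

    # Role groups (or other assignees) that carry the role
    $assignees = Get-ManagementRoleAssignment -Role $Role |
        Select-Object Name, RoleAssigneeName, RoleAssigneeType, Enabled

    # The same assignments expanded to the accounts behind each assignee
    $users = Get-ManagementRoleAssignment -Role $Role -GetEffectiveUsers |
        Sort-Object -Property EffectiveUserName -Unique |
        Select-Object EffectiveUserName, RoleAssigneeName, AssignmentMethod

    [pscustomobject]@{
        Role           = $Role
        Assignees      = $assignees
        EffectiveUsers = $users
    }
}

# Tenant-wide view, then a single account (constructed sample UPN)
$report = Get-TablRoleHolder
$report.Assignees      | Format-Table -AutoSize
$report.EffectiveUsers | Format-Table -AutoSize
Get-TablRoleHolder -UserPrincipalName 'operator@contoso.example'
```

This only reports Exchange Online role assignments. If an account can edit the TABL but does not appear here, its access comes from somewhere else, such as the Entra ID role discussed in this thread.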
SKadish
Feb 21, 2024 (Brass Contributor)
Hi Gregory,
Thanks very much. I think that you are right and that the role was modified. It's strange that a Global Reader would be able to add items to the TABL, and I need to test this. As for Security Operator, I'm using the Entra ID role, but not the Exchange Online role.
I appreciate the help!
- G_Wilson3468, Feb 21, 2024 (Iron Contributor): Glad to help! Could I ask a favor? If you feel this is the best answer, can you mark it as best answer?
- SKadish, Feb 21, 2024 (Brass Contributor): Sure. I did test the Entra Global Reader role, and it doesn't have the rights to manually add addresses to the TABL (which is as it should be).