zubairrahimsoc
Mar 17, 2023

Tenant AllowBlockList Manager is not mapped in new Microsoft 365 Defender RBAC model

After adopting the new M365D RBAC model, the analysts are unable to block a sender or a malicious domain, file or URL from the Explorer menu because Microsoft has not mapped the Tenant AllowBlockList Manager role in the new M365D RBAC model.

The roles that we were using for MDO in the legacy model

Defender for Office (EOP) role group

 

Below are the EOP role groups; each group contains different roles. These groups cover our legacy model roles.

Microsoft 365 Defender RBAC permission

Security Reader

 

Security reader

Security operations \ Security data \ Security data basics (read)
Security operations \ Raw data (Email & collaboration) \ Email message headers (read)
Security operations \ Security data \ Response (manage)
Authorization and settings \ Security setting (read)
Authorization and settings \ System setting (read)

View-Only DLP Compliance Management

 

Global reader

Security operations \ Security data \ Security data basics (read)
Security operations \ Raw data (Email & collaboration) \ Email message headers (read)
Security operations \ Security data \ Response (manage)
Authorization and settings \ Security setting (read)
Authorization and settings \ System setting (read)

View-Only Device Management

 

View-Only IB Compliance Management

 

 

Security administrator

Security operations \ Security data \ Security data basics (read)
Security operations \ Security data \ Alerts (manage)
Security operations \ Raw data (Email & collaboration) \ Email message headers (read)
Security operations \ Security data \ Response (manage)
Security operations \ Security data \ Email quarantine (manage)
Authorization and settings \ Authorization (read)
Authorization and settings \ Security setting (All permissions)
Authorization and settings \ System setting (All permissions)

Tag Contributor

 

Organization Management

Security operations \ Security data \ Security data basics (read)
Security operations \ Security data \ Alerts (manage)
Security operations \ Raw data (Email & collaboration) \ Email message headers (read)
Security operations \ Security data \ Response (manage)
Security operations \ Security data \ Email advanced actions (manage)
Security operations \ Security data \ Email quarantine (manage)
Authorization and settings \ Authorization (All permissions)
Authorization and settings \ Security setting (All permissions)
Authorization and settings \ System setting (All permissions)

 

View-Only Recipients

Security operations \ Security data \ Security data basics (read)
Security operations \ Raw data (Email & collaboration) \ Email message headers (read)

Preview

 

Preview

Security operations\ Security operations \ Raw data (Email & collaboration) \ Email content (read)

Search And Purge

 

Search and Purge

Security operations \ Security data \ Email advanced actions (manage)

View-Only Manage Alerts

View-Only Manage Alerts

Security operations \ Security data \ Security data basics (read)

Manage Alerts

 

Manage Alerts

Security operations \ Security data \ Security data basics (read)
Security operations \ Security data \ Alerts (manage)

View-Only Audit Logs

 

View-only Audit Logs

Security operations \ Security data \ Security data basics (read)

 

Audit Logs

Security operations \ Security data \ Security data basics (read)

Quarantine

Quarantine

Security operations \ Security data \ Email quarantine (manage)

 

Role Management

Authorization and settings \ Authorization (All permissions)

Tenant AllowBlockList Manager

 

Security Operator

 

Not mapped
