Ask Microsoft Anything: SIEM and XDR | Microsoft Secure Tech Accelerator

Event details

During Microsoft Secure you learned about the latest innovations around Microsoft's SIEM and XDR solution. Join this Ask Microsoft Anything (AMA) session to get your questions about Microsoft Sentine...

Trevor_Rusher

Updated Dec 27, 2024

Copper Contributor

Apr 13, 2023

My client has an E5 license and he's an azure global admin. he's having difficulty enabling the "Office 365 Threat Intelligence connection" feature in the defender portal > settings > endpoint. it says he doesn't have permission (but he's global admin)

KoprowskiT

MVP

Apr 13, 2023

Azure Global Admin != M365 Global Admin != Defender Admin - even if you have GA roles, that role is not super powerful - cannot execute many things and actions in Microsoft Purview Portal and Microsoft Defender Portal. You have to apply proper permission for products and subproducts inside M365.

Ed Fisher
Microsoft
Apr 13, 2023
Tobias is quite right, but just to add a little more specificity to this, to enable the Office 365 Threat Intelligence connection, you need to have Security Administrator permissions.
- bobbobcom
  Copper Contributor
  Apr 13, 2023
  thanks Ed, I think the catch was he needs Sec Admin in the Compliance portal, not AAD.
bobbobcom
Copper Contributor
Apr 13, 2023
yes but what role? he's added to a full admin role in the defender portal and he has the security admin role in AAD.
- KoprowskiT
  MVP
  Apr 13, 2023
  Check this documentation https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-roles-permissions?view=o365-worldwide and as well this place https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/scc-permissions?view=o365-worldwide