Azure ATP has types 3 roles (admins, users, viewers). Until now, only administrators could control Azure ATP configuration.
To reduce SOC dependency on the IT team for configurations that are part of the SOC workflow, the Azure ATP “User” role permissions have been extended, and can now perform the following tasks:
- Set scheduled reports
- Tag entities as sensitive/honeytokens
- Define exclusions
- Set the language
- Set notifications (by email/syslog)
- Control preview detections
For more information visit https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-role-groups.
Stay tuned for additional alerts and updates. Your feedback is welcome
