Restrict access to event timeline for privacy reasons

%3CLINGO-SUB%20id%3D%22lingo-sub-2676762%22%20slang%3D%22en-US%22%3ERestrict%20access%20to%20event%20timeline%20for%20privacy%20reasons%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2676762%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20event%20timeline%20per%20device%20in%20within%20Microsoft%20Defender%20for%20Endpoint%20might%20be%20great%20for%20incident%20response.%3C%2FP%3E%3CP%3EHowever%2C%20I%20see%20a%20privacy%20violation%20as%20some%20users%20only%20use%20the%20portal%20for%20vulnerability%20management%20and%20hardening%20and%20do%20not%20need%20to%20see%20detailed%20event%20timelines.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20it%20possible%20to%20either%20a)%20disable%20it%20at%20all%20or%20b)%20restrict%20access%20to%20users%20that%20use%20Microsoft%20Defender%20for%20Endpoint%20for%20vulnerability%20management%20and%20hardening%20purposes%20only.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2703635%22%20slang%3D%22en-US%22%3ERe%3A%20Restrict%20access%20to%20event%20timeline%20for%20privacy%20reasons%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2703635%22%20slang%3D%22en-US%22%3E%3CP%3EHi%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F1135558%22%20target%3D%22_blank%22%3E%40agua_todo_el_dia%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3EYes%20this%20is%20possible.%20You%20can%20achieve%20this%20by%20assigning%20roles.%20Please%20refer%20to%20the%20illustrations%20below%3A%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22MicrosoftTeams-image.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F306997iA9B2D6C5DFCF2557%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22MicrosoftTeams-image.png%22%20alt%3D%22MicrosoftTeams-image.png%22%20%2F%3E%3C%2FSPAN%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3EPlease%20let%20me%20know%20if%20this%20helps%20answer%20your%20question.%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Visitor

The event timeline per device in within Microsoft Defender for Endpoint might be great for incident response.

However, I see a privacy violation as some users only use the portal for vulnerability management and hardening and do not need to see detailed event timelines.

 

Is it possible to either a) disable it at all or b) restrict access to users that use Microsoft Defender for Endpoint for vulnerability management and hardening purposes only.

 

 

1 Reply

Hi @agua_todo_el_dia,

 

Yes this is possible. You can achieve this by assigning roles. Please refer to the illustrations below:
MicrosoftTeams-image.png

 

Please let me know if this helps answer your question.