Is there any reference that describes the permissions that can be granted in Defender XDR, and how those permissions can be granted using Entra ID roles, Defender XDR Unified RBAC roles, or through the individual Defender point products that have been integrated into XDR, using consistent, standardized language?
The documentation for Entra ID describes permissions in this format:
microsoft.directory/provisioningLogs/allProperties/read |
The documentation for Defender XDR describes them in this format:
| Security operations \ Security data \ Email advanced actions (manage) |
I'm basically looking for something that says "permissions to do n function is granted by x role in Entra ID, y role in Defender XDR, or z role in Defender for Office 365."
Is this something that's not possible at a company of Microsoft's size and complexity?
Kind of like how this is the Microsoft Defender XDR community forum, but there's no "Microsoft Defender XDR" label for the mandatory labeling of posts?
