Jan 31 2024 08:10 AM
Hi everyone,
I've already deployed new Defender RBAC permission.
I want to assign permission for quarantine message handling WITHOUT Preview Message option.
I've configured Defender RBAC with the following settings:
I've assigned only Security Basic (read)
NOT Quarantine handle and NOT Quarantine raw content permission
Effect (in production!)
I can't assign least permission.
Currently everyone who has at least permission in Defender RBAC can read all email content for every user in the organization!!
Anyone can help with this case?
Following the Defender RBAC docs, this user should not have any permission for reading other users' mails!
--
Kind Regards
Feb 05 2024 12:08 PM
@MarcinRDR thanks for bringing this feedback to our attention.
After investigation into the concern you raised, we have found that this is by design.
The Security Reader role has the permission "Review and preview all messages that have been quarantined for all users in the organization". Manage quarantined messages and files as an admin | Microsoft Learn
Please note that this is specifically for quarantined messages. This does not apply to messages that have already made it to the user's inbox folder.
This design has always existed prior to the Unified role-based access control feature.
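Since the reply above states that Security Reader alone is enough to preview every user's quarantined mail, a tenant admin will want to know who actually holds that role and how much mail sits in quarantine. The script below is an added example, not code from the thread or from Microsoft; it assumes the Microsoft Graph PowerShell SDK and the ExchangeOnlineManagement module are installed and that the caller can consent to the listed scopes.

```powershell
# Added example: enumerate holders of the Security Reader directory role and
# summarise what is currently in quarantine. Assumes Microsoft.Graph and
# ExchangeOnlineManagement modules; scope names below are the standard Graph ones.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All"

# Resolve the role by display name instead of hard-coding its template ID
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Reader'"

# Active assignments of that role (PIM-eligible assignments are not returned here)
$assignments = Get-MgRoleManagementDirectoryRoleAssignment `
    -Filter "roleDefinitionId eq '$($roleDef.Id)'" -All

$holders = foreach ($a in $assignments) {
    $principal = Get-MgDirectoryObject -DirectoryObjectId $a.PrincipalId
    [pscustomobject]@{
        PrincipalId   = $a.PrincipalId
        PrincipalType = $principal.AdditionalProperties['@odata.type']
        DisplayName   = $principal.AdditionalProperties['displayName']
        Scope         = $a.DirectoryScopeId   # '/' means tenant-wide
    }
}
$holders | Format-Table -AutoSize

# How much mail those principals can preview right now: count quarantined
# messages by quarantine type (Spam, Phish, HighConfPhish, Malware, ...)
Connect-ExchangeOnline -ShowBanner:$false
Get-QuarantineMessage -PageSize 1000 |
    Group-Object -Property Type |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Groups (shown as an @odata.type of #microsoft.graph.group) should be expanded with Get-MgGroupMember, because every member inherits the preview right.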
Mar 12 2024 07:47 AM
@MarcinRDR Hi Marcin, @FaithEbenezerOquong wrote earlier, that this is by design.
Mar 13 2024 02:17 AM - edited Mar 13 2024 06:11 AM
Ok I understand.
I'm wondering why there is a "content read" option in Defender RBAC if I cannot use it to handle quarantine without message content view for my sub admins (only manage mail).
For example, an admin can increase the phish and spam threshold.
As a result, many false positive messages are forwarded to quarantine.
The admin can then read the content of most of the confidential VIPs' emails.
In some malicious cases, an admin can leverage this design to read the content of confidential messages.
Anyway thanks for information.