Feb 15 2024 08:26 AM
I currently have the Entra ID Security Operator PIM role activated, and I am able to add email addresses to the TABL, as well as manage Anti-Spam and Anti-Phishing policies. In the past, I've needed to be a Security Administrator to do this. Has something changed? If not, could this be an unintended consequence of me activating the MDO workloads for Unified RBAC?
Feb 21 2024 06:56 AM
Solution
According to the documentation, you need to be a member of one of these role groups:
Exchange Online permissions:
1. Organization Management or Security Administrator
2. Security Operator (Tenant AllowBlockList Manager)
Entra ID permissions:
Global Admin, Security Admin, Global Reader, Security Reader
Allow or block email using the Tenant Allow/Block List | Microsoft Learn
My impression here is that because of the unified RBAC model this role had to be modified to work.
Hope this helps.
G.