Mar 16 2023 11:16 PM - edited Mar 16 2023 11:17 PM
After adopting the new M365D RBAC model, the analysts are unable to block the sender or malicious domain, file and URL from the Explorer menu because Microsoft has not mapped the Tenant AllowBlockList Manager role in the new M365D RBAC model.
The roles that we were using for MDO in the legacy model:
- Security Reader
- View-Only DLP Compliance Management
- View-Only Device Management
- View-Only IB Compliance Management
- Tag Contributor
- Preview
- Search And Purge
- View-Only Manage Alerts
- Manage Alerts
- View-Only Audit Logs
- Quarantine
- Tenant AllowBlockList Manager

Below are the EOP role groups; each group contains different roles. These groups cover our legacy model roles.

| Defender for Office (EOP) role group | Microsoft 365 Defender RBAC permission |
| Security reader | Security operations \ Security data \ Security data basics (read) |
| Global reader | Security operations \ Security data \ Security data basics (read) |
| Security administrator | Security operations \ Security data \ Security data basics (read) |
| Organization Management | Security operations \ Security data \ Security data basics (read) |
| View-Only Recipients | Security operations \ Security data \ Security data basics (read) |
| Preview | Security operations \ Raw data (Email & collaboration) \ Email content (read) |
| Search and Purge | Security operations \ Security data \ Email advanced actions (manage) |
| View-Only Manage Alerts | Security operations \ Security data \ Security data basics (read) |
| Manage Alerts | Security operations \ Security data \ Security data basics (read) |
| View-only Audit Logs | Security operations \ Security data \ Security data basics (read) |
| Audit Logs | Security operations \ Security data \ Security data basics (read) |
| Quarantine | Security operations \ Security data \ Email quarantine (manage) |
| Role Management | Authorization and settings \ Authorization (All permissions) |
| Security Operator | Not mapped |
Oct 20 2023 12:06 AM
Hi @zubairrahimsoc,
Have you found a workaround for the Tenant AllowBlockList Manager role?
A workaround is to assign the Security Administrator role, but it defeats the purpose of having people with fewer permissions and roles.
Feb 27 2024 11:20 PM
Hi @TheRaulMillan,
Are you trying this with a native account or with a B2B (guest account)?
You can also have a look at this response: Re: Microsoft Defender XDR Unified RBAC | Tenant Allow/Block List, entry addition error - Microsoft ...