Jan 13 2020 07:01 AM
Hi everyone,
I tried to deploy the new Quarantine Admin to the Admin users of our Office 365 admins.
After mail enabling the user object in Exchange on prem (which is needed btw) the user can access the quarantine without error message.
But no mail is shown. Logging in as a global admin (myself) I can see many mails.
I followed this doc: https://docs.microsoft.com/de-de/microsoft-365/security/office-365-security/manage-quarantined-messa...
Can anyone please advise?
Thanks
Jan 13 2020 10:26 PM
Got this mail today stating
"On February 10, 2020, we are updating the roles required to access and manage Quarantine"
If you use Exchange Online RBAC roles to manage Quarantine then you will need to assign the Security and Compliance Center Security Administrator or Quarantine Administrator role to the user(s) that require access to Quarantine.
You do not need to modify the existing Exchange Online roles.
Does it mean I have to set the Exchange Quarantine Role additionally?
Feb 17 2020 01:06 AM
Solution
Jan 11 2023 01:04 AM
Apr 18 2023 08:02 AM - edited Apr 18 2023 08:03 AM
If you have the newer Defender Unified RBAC/"Microsoft 365 Defender" roles (which I believe requires certain levels of Defender licensing, possibly Defender for Office 365 P2, but I am not certain) - you should probably use this https://security.microsoft.com/mtp_roles (you may have to migrate/import existing permissions from Endpoint/Email and Collaboration permissions, such as Security Administrator or Security Operator, or Quarantine Administrator)
If not, you may still be using Email and Collaboration Roles - which you should be able to check and access here to set Quarantine Administrator https://security.microsoft.com/emailandcollabpermissions
Not directly related to your issue, but may be related to IMPORTING any permissions to Defender Unified RBAC are:
Defender Endpoint Permissions: https://security.microsoft.com/preferences2/user_roles
Azure AD Roles: https://security.microsoft.com/aadpermissions
Cloud App Security Roles: https://security.microsoft.com/cloudapps/permissions/roles
Email and Collaboration Roles: https://security.microsoft.com/emailandcollabpermissions
But, again, I would highly encourage you to move to Defender Unified RBAC if it is available to you to simplify things. This article should walk through enabling RBAC if you can: Activate Microsoft 365 Defender role-based access control (RBAC) | Microsoft Learn
And then you should be able to access/migrate to the RBAC Roles here: https://security.microsoft.com/mtp_roles
You may have all of these, you may have two of these, you may just have one of them. I have tenants that have been around for various points as they created the Defender Endpoint roles and started centralizing/combining role permissions to all the Defender products, so I think I have all of them, or nearly all. Best advice is just try each one of the portal links mentioned above and you may be able to see them in your own environment here https://security.microsoft.com/securitypermissions
Where possible, use the newer style of permissions to avoid having to migrate later.