This role group is not manageable through the administrator portals?

%3CLINGO-SUB%20id%3D%22lingo-sub-227912%22%20slang%3D%22en-US%22%3EThis%20role%20group%20is%20not%20manageable%20through%20the%20administrator%20portals%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-227912%22%20slang%3D%22en-US%22%3E%3CP%3EMy%20objective%20is%20to%20add%20members%20to%20Security%20and%20Compliance%20center%20role%20groups%20and%20delegate%20certain%20responsibilities%20(create%20and%20view%20reports%2C%20manage%20DLP%2C%20and%20so%20forth).%20First%20of%20all%2C%20concerning%20the%20Security%20Reader%20and%20Security%20Administrator%20role%20groups%2C%20I%20read%3A%20%22This%20role%20group%20is%20not%20manageable%20through%20the%20administrator%20portals.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fpermissions-in-the-office-365-security-compliance-center-d10608af-7934-490a-818e-e68f17d0e9c1%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CFONT%20color%3D%22%23000080%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2Fpermissions-in-the-office-365-security-compliance-center-d10608af-7934-490a-818e-e68f17d0e9c1%3C%2FFONT%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20does%20that%20mean%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20thought%20I%20would%20experiment%20regardless%20and%20made%20one%20user%20a%20member%20of%20the%20Security%20Reader%20role%20group.%20I%20was%20able%20to%20add%20that%20person%20and%20they%20are%20displayed%20as%20a%20member.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESo%20how%20do%20they%20access%20the%20Security%20and%20Compliance%20center%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20naively%20thought%20that%20when%20they%20logon%20next%20there%20would%20be%20an%20icon%20for%20the%20Security%20%26amp%3B%20Compliance%20center%20among%20the%20icons%20for%20the%20other%20applications%20(with%20effective%20access%20limited%20to%20the%20scope%20of%20what%20Security%20Readers%20can%20see).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20I'm%20not%20(they're%20not)%20seeing%20any%20such%20icon...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3F%3F%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-227912%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%20Administration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-227955%22%20slang%3D%22en-US%22%3ERe%3A%20This%20role%20group%20is%20not%20manageable%20through%20the%20administrator%20portals%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-227955%22%20slang%3D%22en-US%22%3E%3CP%3EWell%2C%20it's%20the%20same%20situation%20as%20adding%20users%20to%20Role%20Groups%20in%20Exchange%20Online%20-%20they%20can%20get%20the%20relevant%20permissions%20and%20perform%20the%20designated%20tasks%2C%20however%20they%20don't%20get%20a%20link%20to%20the%20EAC%20in%20their%20launcher.%20So%2C%20they%20will%26nbsp%3Bhave%20to%26nbsp%3Baccess%20the%20EAC%20(or%20the%20SCC%20in%20your%20case)%20with%20the%20direct%20link.%20Or%20you%20can%20just%20create%20a%20custom%20tile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-227952%22%20slang%3D%22en-US%22%3ERe%3A%20This%20role%20group%20is%20not%20manageable%20through%20the%20administrator%20portals%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-227952%22%20slang%3D%22en-US%22%3E%3CP%3EYour%20first%20point%20means%20that%20those%20groups%20has%20to%20be%20managed%20through%20Azure%20AD%20PowerShell.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20MSOnline%20PowerShell%3A%3C%2FP%3E%3CPRE%3EAdd-MsolRoleMember%20-RoleName%20%22Security%20Administrator%22%20-RoleMemberEmailAddress%20user%40domain.com%3C%2FPRE%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EApparently%2C%20for%20some%20reason%2C%20the%20person%20added%20to%20Security%20Administrator%20role%20group%20will%20have%20access%20to%20Admin%20center%2C%20but%20there%20is%20no%20link%20to%20Security%20and%20Compliance%20center.%20Just%20ask%20users%20to%20browse%20directly%20to%20%3CA%20href%3D%22https%3A%2F%2Fprotection.office.com%20%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fprotection.office.com%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

My objective is to add members to Security and Compliance center role groups and delegate certain responsibilities (create and view reports, manage DLP, and so forth). First of all, concerning the Security Reader and Security Administrator role groups, I read: "This role group is not manageable through the administrator portals."

 

https://support.office.com/en-us/article/permissions-in-the-office-365-security-compliance-center-d1...

 

What does that mean?

 

I thought I would experiment regardless and made one user a member of the Security Reader role group. I was able to add that person and they are displayed as a member.

 

So how do they access the Security and Compliance center?

 

I naively thought that when they logon next there would be an icon for the Security & Compliance center among the icons for the other applications (with effective access limited to the scope of what Security Readers can see).

 

But I'm not (they're not) seeing any such icon...

 

???

 

2 Replies
Highlighted

Your first point means that those groups has to be managed through Azure AD PowerShell.

 

With MSOnline PowerShell:

Add-MsolRoleMember -RoleName "Security Administrator" -RoleMemberEmailAddress user@domain.com

 

Apparently, for some reason, the person added to Security Administrator role group will have access to Admin center, but there is no link to Security and Compliance center. Just ask users to browse directly to https://protection.office.com 

Highlighted

Well, it's the same situation as adding users to Role Groups in Exchange Online - they can get the relevant permissions and perform the designated tasks, however they don't get a link to the EAC in their launcher. So, they will have to access the EAC (or the SCC in your case) with the direct link. Or you can just create a custom tile.