Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Roles for Office 365 P2

Brass Contributor

I would like to know if there is some better way of using the Office ATP features like Threat Trackers, Threat Explorer ,Automated investigation and response, Campaigns , etc without giving out Security admin /operator roles groups as outlined in the documentation ?   

 

Are they any specific roles like "Quarantine" that are available ?  That would help practice the least privilege model  instead of such broad access. 

2 Replies

You can create custom role groups and assign just the roles you need/want. The SCC RBAC model is not as robust as the one in ExO though.

@VasilMichev   Thank you for the great input. I would need still some documentation to figure out which roles to include.   The documentation that i quoted in my post, does not have that information. 

The other alternative would be to figure this out by trial and error. 

In short , I am  looking for " what roles should we assign to be able to access explorer, submissions, investigations threat tracker and campaign in the Threat management menu"