Aug 26 2020 01:58 PM
I would like to know if there is some better way of using the Office ATP features like Threat Trackers, Threat Explorer ,Automated investigation and response, Campaigns , etc without giving out Security admin /operator roles groups as outlined in the documentation ?
Are they any specific roles like "Quarantine" that are available ? That would help practice the least privilege model instead of such broad access.
Aug 27 2020 10:35 AM
You can create custom role groups and assign just the roles you need/want. The SCC RBAC model is not as robust as the one in ExO though.
Aug 27 2020 02:12 PM
@VasilMichev Thank you for the great input. I would need still some documentation to figure out which roles to include. The documentation that i quoted in my post, does not have that information.
The other alternative would be to figure this out by trial and error.
In short , I am looking for " what roles should we assign to be able to access explorer, submissions, investigations threat tracker and campaign in the Threat management menu"