Roles for Office 365 P2

%3CLINGO-SUB%20id%3D%22lingo-sub-1614654%22%20slang%3D%22en-US%22%3ERoles%20for%20Office%20365%20P2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1614654%22%20slang%3D%22en-US%22%3E%3CP%3EI%20would%20like%20to%20know%20if%20there%20is%20some%20better%20way%20of%20using%20the%20Office%20ATP%20features%20like%26nbsp%3BThreat%20Trackers%2C%20Threat%20Explorer%20%2CAutomated%20investigation%20and%20response%2C%20Campaigns%20%2C%20etc%20without%20giving%20out%20Security%20admin%20%2Foperator%20roles%20groups%20as%20outlined%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fmicrosoft-365%2Fsecurity%2Foffice-365-security%2Foffice-365-atp%3Fview%3Do365-worldwide%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%22%3Edocumentation%3C%2FA%3E%20%3F%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAre%20they%20any%20specific%20roles%20like%20%22Quarantine%22%20that%20are%20available%20%3F%26nbsp%3B%20That%20would%20help%20practice%20the%20least%20privilege%20model%26nbsp%3B%20instead%20of%20such%20broad%20access.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1616847%22%20slang%3D%22en-US%22%3ERe%3A%20Roles%20for%20Office%20365%20P2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1616847%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20create%20custom%20role%20groups%20and%20assign%20just%20the%20roles%20you%20need%2Fwant.%20The%20SCC%20RBAC%20model%20is%20not%20as%20robust%20as%20the%20one%20in%20ExO%20though.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1617402%22%20slang%3D%22en-US%22%3ERe%3A%20Roles%20for%20Office%20365%20P2%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1617402%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3B%20%26nbsp%3BThank%20you%20for%20the%20great%20input.%20I%20would%20need%20still%20some%20documentation%20to%20figure%20out%20which%20roles%20to%20include.%26nbsp%3B%20%26nbsp%3BThe%20documentation%20that%20i%20quoted%20in%20my%20post%2C%20does%20not%20have%20that%20information.%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20other%20alternative%20would%20be%20to%20figure%20this%20out%20by%20trial%20and%20error.%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20short%20%2C%20I%20am%26nbsp%3B%20looking%20for%20%22%20what%20roles%20should%20we%20assign%20to%20be%20able%20to%20access%20explorer%2C%20submissions%2C%20investigations%20threat%20tracker%20and%20campaign%20in%20the%20Threat%20management%20menu%22%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

I would like to know if there is some better way of using the Office ATP features like Threat Trackers, Threat Explorer ,Automated investigation and response, Campaigns , etc without giving out Security admin /operator roles groups as outlined in the documentation ?   

 

Are they any specific roles like "Quarantine" that are available ?  That would help practice the least privilege model  instead of such broad access. 

2 Replies

You can create custom role groups and assign just the roles you need/want. The SCC RBAC model is not as robust as the one in ExO though.

@Vasil Michev   Thank you for the great input. I would need still some documentation to figure out which roles to include.   The documentation that i quoted in my post, does not have that information. 

The other alternative would be to figure this out by trial and error. 

In short , I am  looking for " what roles should we assign to be able to access explorer, submissions, investigations threat tracker and campaign in the Threat management menu"