We are excited to announce the public preview of a central role-based access control (RBAC) capability to help unify roles and permissions management across Microsoft Defender for Endpoint, Microsoft Defender for Office 365, and Microsoft Defender for Identity.
The new Microsoft 365 Defender RBAC model, part of Microsoft’s leading Extended Detection and Response (XDR) solution, is an impactful enabler for security admins to centrally manage privileges across domains. It offers a unified and granular cross-services access permission model to help the Security Operations Center (SOC) increase productivity across the various Microsoft Defender products. Additionally, the new model is fully compatible with existing individual RBAC models currently supported in Microsoft 365 Defender portal.
The new Microsoft 365 Defender RBAC experience
Microsoft 365 Defender provides integrated threat protection, detection, and response across endpoints, email, identities, applications, and data within a single portal. The new RBAC model now takes this experience to the next level by allowing admins to centrally manage privileges across these services with a greater efficiency. While Defender for Cloud Apps is not covered in this initial preview, it will be added to the new RBAC model in the future.
The new model organizes permissions by categories. For example, the “Security operations” category includes permissions that are required to perform daily security operations activities and allows admins to either grant out-of-the-box permissions on a per category basis or select permissions one-by-one for custom roles.
In the new model, permissions can be scoped to individual users and/or security groups. By default, custom roles created in the Microsoft 365 Defender RBAC model are scoped to all data sources. However, if needed, a role can be scoped to one or more specific data sources.
To make it easy for you to adopt the new RBAC model, we support role import capabilities so that you can import existing roles from any of our current individual RBAC models to the new Microsoft 365 Defender RBAC model with a click of a button.
Supported Products
Getting Started
Here is how you can get started with the new RBAC model:
If you don’t have any existing roles assigned:
You can find more details on how to create custom roles in our technical documentation.
If you have existing roles within any of the workloads:
You can find more details on how to import roles in our technical documentation.
Notes:
What about Azure Active Directory global roles and Privileged Identity Management?
Microsoft 365 Defender security portal will continue to respect existing Azure Active Directory global roles when you activate the Microsoft 365 Defender RBAC model for some or all workloads, i.e., Global Admins will retain assigned admin privileges.
However, with the new RBAC model you will have the flexibility to create more granular roles where appropriate, following the principle of least privilege and granting users only the privileges they need.
More information
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.