User Profile
Gadi_Palatchi_MSFT
Joined 4 years ago
Recent Discussions
Re: Defender XDR Unified RBAC - Cannot manage incidents
Thank you Steve for this update. Defender for Cloud Apps is not yet supported by Unified RBAC. As you can see when creating a new role, the list of available data sources in the assignment stage does not include Defender for Cloud Apps as an option. You can continue granting access to Defender for Cloud Apps data and experiences using the individual workload RBAC (in parallel to using Unified RBAC with the rest of the workloads).

Re: Defender XDR Unified RBAC - Cannot manage incidents
Hi Steve,
We continue to improve and to expand the product so it will cover more and more areas as well as meet end-users' needs as well as possible. Please stay tuned and continue to follow our releases for new capabilities in the future.

Re: Defender XDR Unified RBAC - Cannot manage incidents
Thank you for contacting us with your inquiry. May I ask whether you have activated Unified RBAC with any of the workloads? If so, which ones? Can you also share what data sources you have included in the role assignment? As for the Email & compliance functions you've mentioned that are working properly - note that if you haven't activated Unified RBAC for Email & compliance (both toggles) - access to these functions is managed via roles defined in Admin Center.

Re: Unified RBAC and Entra PIM
Hello,
Thank you for posting this question. My name is Gadi and I am the Unified RBAC Product Manager. Referring to your question - yes, this is possible and is considered as one of the key values when using Unified RBAC as your centralized RBAC for all supported Defender products within the XDR Security portal.
1. Create a security group in Azure Entra ID that you wish to use with PIM. For the example let's call it "SecOps Analysts PIM group". Do not add any members to that group.
2. Once you have completed creating the group, on the left menu, under "Activity", click on "Privileged Identity Management" and confirm this group to be used with PIM.
3. Do not add any member to the group at this point.
4. In Unified RBAC, create a custom role with the permission you intend to grant to users that will be added to the created security group. For the example: Security operations \ Alerts (manage).
5. Create a new assignment for this role and at the "Assignees" section select the security group that you have just created (you can search for it by its name).
6. Select the data sources you wish to include in this assignment (by default - all data sources will be included).
7. Submit and finish.
8. Activate Unified RBAC for the products you wish access to be enforced by Unified RBAC and from that point Unified RBAC will be active for these products.
9. Once you wish to grant users the permissions defined in this role, from Entra ID add members to this particular security group and, when asked, define the time frame for their membership - JIT.
10. Allow ~10 minutes for this change to be effective in the XDR security portal and that's it.
I hope this helps.