You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/tenant-wide-permissions-management.md
+12Lines changed: 12 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -74,6 +74,18 @@ To request elevated permissions from your global administrator:
74
74
75
75
After the global administrator selects **Review the request** and completes the process, the decision is emailed to the requesting user.
76
76
77
+
## Removing permissions
78
+
79
+
To remove permissions from the root tenant group, follow these steps:
80
+
81
+
1. Go to the Azure portal.
82
+
1. In the Azure portal, search for **Management Groups** in the search bar at the top.
83
+
1. In the **Management Groups** pane, find and select the **Tenant Root Group** from the list of management groups.
84
+
1. Once inside the **Tenant Root Group**, select **Access Control (IAM)** in the left-hand menu.
85
+
1. In the **Access Control (IAM)** pane, select the **Role assignments** tab. This shows a list of all role assignments for the **Tenant Root Group**.
86
+
1. Review the list of role assignments to identify which one you need to remove.
87
+
1. Select the role assignment you want to remove (**Security admin** or **Security reader**) and select **Remove**. Ensure you have the necessary permissions to make changes to role assignments in the **Tenant Root Group**.
88
+
77
89
## Next steps
78
90
79
91
Learn more about Defender for Cloud permissions in the following related page:
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments