You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/roles/permissions-reference.md
+4-4Lines changed: 4 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -412,7 +412,7 @@ Users with this role can manage all enterprise Azure DevOps policies, applicable
412
412
413
413
## Azure Information Protection Administrator
414
414
415
-
Users with this role have all permissions in the Azure Information Protection service. This role allows configuring labels for the Azure Information Protection policy, managing protection templates, and activating protection. This role does not grant any permissions in Identity Protection Center, Privileged Identity Management, Monitor Microsoft 365 Service Health, Microsoft 365 Defender portal, or Microsoft Purview compliance portal.
415
+
Users with this role have all permissions in the Azure Information Protection service. This role allows configuring labels for the Azure Information Protection policy, managing protection templates, and activating protection. This role does not grant any permissions in Identity Protection, Privileged Identity Management, Monitor Microsoft 365 Service Health, Microsoft 365 Defender portal, or Microsoft Purview compliance portal.
416
416
417
417
> [!div class="mx-tableFixed"]
418
418
> | Actions | Description |
@@ -1973,7 +1973,7 @@ Users with this role have permissions to manage security-related features in the
1973
1973
In | Can do
1974
1974
--- | ---
1975
1975
[Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) | Monitor security-related policies across Microsoft 365 services<br>Manage security threats and alerts<br>View reports
1976
-
Identity Protection Center | All permissions of the Security Reader role<br>Additionally, the ability to perform all Identity Protection Center operations except for resetting passwords
1976
+
[Identity Protection](../identity-protection/overview-identity-protection.md)| All permissions of the Security Reader role<br>Perform all Identity Protection operations except for resetting passwords
1977
1977
[Privileged Identity Management](../privileged-identity-management/pim-configure.md) | All permissions of the Security Reader role<br>**Cannot** manage Azure AD role assignments or settings
1978
1978
[Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center) | Manage security policies<br>View, investigate, and respond to security threats<br>View reports
1979
1979
Azure Advanced Threat Protection | Monitor and respond to suspicious security activity
@@ -2050,7 +2050,7 @@ Users with this role can manage alerts and have global read-only access on secur
2050
2050
| In | Can do |
2051
2051
| --- | --- |
2052
2052
|[Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal)| All permissions of the Security Reader role<br/>View, investigate, and respond to security threats alerts<br/>Manage security settings in Microsoft 365 Defender portal |
2053
-
|[Azure AD Identity Protection](../identity-protection/overview-identity-protection.md)| All permissions of the Security Reader role<br>Additionally, the ability to perform all Identity Protection Center operations except for resetting passwords and configuring alert e-mails. |
2053
+
|[Identity Protection](../identity-protection/overview-identity-protection.md)| All permissions of the Security Reader role<br>Perform all Identity Protection operations except for configuring or changing risk-based policies, resetting passwords, and configuring alert e-mails. |
2054
2054
|[Privileged Identity Management](../privileged-identity-management/pim-configure.md)| All permissions of the Security Reader role |
2055
2055
|[Microsoft Purview compliance portal](/microsoft-365/compliance/microsoft-365-compliance-center)| All permissions of the Security Reader role<br>View, investigate, and respond to security alerts |
2056
2056
|[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/prepare-deployment)| All permissions of the Security Reader role<br/>View, investigate, and respond to security alerts<br/>When you turn on role-based access control in Microsoft Defender for Endpoint, users with read-only permissions such as the Security Reader role lose access until they are assigned a Microsoft Defender for Endpoint role. |
@@ -2082,7 +2082,7 @@ Users with this role have global read-only access on security-related feature, i
2082
2082
In | Can do
2083
2083
--- | ---
2084
2084
[Microsoft 365 Defender portal](/microsoft-365/security/defender/microsoft-365-defender-portal) | View security-related policies across Microsoft 365 services<br>View security threats and alerts<br>View reports
2085
-
Identity Protection Center | Read all security reports and settings information for security features<br><ul><li>Anti-spam<li>Encryption<li>Data loss prevention<li>Anti-malware<li>Advanced threat protection<li>Anti-phishing<li>Mail flow rules
2085
+
[Identity Protection](../identity-protection/overview-identity-protection.md) | Read all security reports and settings information for security features<br><ul><li>Anti-spam<li>Encryption<li>Data loss prevention<li>Anti-malware<li>Advanced threat protection<li>Anti-phishing<li>Mail flow rules
2086
2086
[Privileged Identity Management](../privileged-identity-management/pim-configure.md) | Has read-only access to all information surfaced in Azure AD Privileged Identity Management: Policies and reports for Azure AD role assignments and security reviews.<br>**Cannot** sign up for Azure AD Privileged Identity Management or make any changes to it. In the Privileged Identity Management portal or via PowerShell, someone in this role can activate additional roles (for example, Global Administrator or Privileged Role Administrator), if the user is eligible for them.
[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/prepare-deployment) | View and investigate alerts<br/>When you turn on role-based access control in Microsoft Defender for Endpoint, users with read-only permissions such as the Security Reader role lose access until they are assigned a Microsoft Defender for Endpoint role.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments