moving to portal doc instead of xdr

batamig · batamig · commit 0455f8bdb1a2 · 2024-08-22T10:46:48.000+03:00
diff --git a/defender-xdr/custom-roles.md b/defender-xdr/custom-roles.md
@@ -18,19 +18,21 @@ search.appverid:
   - MOE150
   - MET150
 ---
-# Custom roles in role-based access control for Microsoft Defender XDR services
+# Custom roles in role-based access control for Microsoft Defender portal services
 
-By default, access to Microsoft Defender XDR services is managed collectively using [Microsoft Entra global roles](m365d-permissions.md). If you need greater flexibility and control over access to specific product data, and aren't yet using the [Microsoft Defender XDR Unified role-based access control (RBAC)](manage-rbac.md) for centralized permissions management, we recommend creating custom roles for each service.
+By default, access to services available in the Microsoft Defender portal are managed collectively using [Microsoft Entra global roles](m365d-permissions.md). If you need greater flexibility and control over access to specific product data, and aren't yet using the [Microsoft Defender XDR Unified role-based access control (RBAC)](manage-rbac.md) for centralized permissions management, we recommend creating custom roles for each service.
 
-For example, create a custom role for Microsoft Defender for Endpoint to manage access to specific Defender for Endpoint data, create a custom role for Microsoft Defender for Office to manage access to specific email and collaboration data.
+For example, create a custom role for Microsoft Defender for Endpoint to manage access to specific Defender for Endpoint data, or create a custom role for Microsoft Defender for Office to manage access to specific email and collaboration data.
 
-Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
+In each service, custom role names aren't connected to global roles in Microsoft Entra ID, even if similarly named. For example, a custom role named *Security Admin* in Microsoft Defender for Endpoint isn't connected to the global *Security Admin* role in Microsoft Entra ID.
 
 **Applies to:**
 
+- Microsoft Defender for Cloud
 - Microsoft Defender for Cloud Apps
 - Microsoft Defender for Endpoint
 - Microsoft Defender for Identity
+- Microsoft Defender for IoT
 - Microsoft Defender for Office 365
 - Microsoft Defender XDR
 
@@ -48,30 +50,16 @@ Each Microsoft Defender service has its own custom role management settings, wit
 
   :::image type="content" source="./media/custom-roles/custom-roles-endpoint.png" alt-text="Screenshot of a Roles link for Defender for Endpoint.":::
 
-## Required roles for Defender XDR services
-
-Custom role names aren't connected to global roles in Microsoft Entra ID, even if similarly named. For example, a custom role named *Security Admin* in Microsoft Defender for Endpoint isn't connected to the global *Security Admin* role in Microsoft Entra ID.
-
-For Defender for Endpoint and Defender for Office, use custom roles as follows:
-
-|Task  |Required roles for Defender for Endpoint | Required roles for Defender for Office 365 |
-|---------|---------|
-|**View investigation data**, including alerts, incidents, and the Action center      | View data - security operations        | One of the following: <ul><li>View-only Manage alerts<li>Organization configuration<li>Audit logs<li>View-only audit logs<li>Security reader<li>Security admin<li>View-only recipients |
-|**View and manage hunting data**, including queries and functions     |    View data - security operations     | One of the following: <ul><li>Security reader<li>Security admin <li>View-only recipients|
-|**Manage alerts and incidents**     | Alert investigation        |One of the following: <ul><li>Manage alerts<li>Security admin|
-|**Action center remediation**     |     Active remediation actions – security operations    | Search and purge |
-|**Set custom detections**     |   Manage security settings      | One of the following: <ul><li>Manage alerts<li>Security admin|
-|**Threat analytics**     |   For alert and incidents data: View data- security operations <br><br>For vulnerability management mitigations: View data - Threat and vulnerability management      | For alerts and incidents data, one of the following: <ul><li>View-only Manage alerts<li>Manage alerts<li>Organization configuration<li>Audit logs<li>View-only audit logs<li>Security reader<li>Security admin<li>View-only recipients<br>For prevented email attempts, one of the following:<ul><li>Security reader<li>Security admin<li>View-only recipients |
+## Reference of Defender portal service content
 
-For other service information, see:
+For information about the permissions and roles for each Microsoft Defender XDR service, see the following articles:
 
+- [Microsoft Defender for Cloud user roles and permissions](/azure/defender-for-cloud/permissions)
 - [Configure access for Defender for Cloud Apps](/defender-cloud-apps/manage-admins)
+- [Create and manage roles in Defender for Endpoint](/defender-endpoint/user-roles)
 - [Roles and permissions in Defender for Identity](/defender-for-identity/role-groups)
-
-## Related content
-
-For more information about other Microsoft Defender portal services, see:
-
-- [Microsoft Defender for Cloud user roles and permissions](/azure/defender-for-cloud/permissions)
-- [Roles and permissions in Microsoft Sentinel](/azure/sentinel/roles)
 - [Microsoft Defender for IoT user management](/azure/defender-for-iot/organizations/manage-users-overview)
+- [Microsoft Defender for Office 365 permissions](/defender-office-365/mdo-portal-permissions)
+- [Roles and permissions in Microsoft Sentinel](/azure/sentinel/roles)
+
+Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
