exposure-management/predefined-classification-rules-and-levels.md
Lines changed: 5 additions & 5 deletions
@@ -52,7 +52,7 @@ Current asset types are:
52
52
| Identity with Privileged Role | Identity | High | The following identities (User, Group, Service Principal, or Managed Identity) have an assigned built-in or custom privileged Azure RBAC role, at subscription scope, containing a critical resource. The role can include permissions for Azure role assignments, modifying Azure policies, executing scripts on a VM using Run command, read access to storage accounts and keyvaults, and more. |
53
53
| Application Administrator | Identity | Very High | Identities in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. |
54
54
| Application Developer | Identity | High | Identities in this role can create application registrations independent of the 'Users can register applications' setting. |
55
-
| Authentication Administrator | Identity | Very High | Identities in this role can set and reset authentication methods (including passwords) for non-admin users. |
55
+
| Authentication Administrator | Identity | Very High | Identities in this role can set and reset authentication methods (including passwords) for nonadmin users. |
56
56
| Backup Operators | Identity | Very High | Identities in this role can backup and restore all files on a computer, regardless of the permissions that protect those files. Backup operators also can log on to and shut down the computer and can perform backup and restore operations on domain controllers. |
57
57
| Server Operators | Identity | Very High | Identities in this role can administer domain controllers. Members of the Server operators group can take the following actions: sign in to a server interactively, create and delete network shared resources, start and stop services, backup and restore files, format the hard disk drive of the computer, and shut down the computer. |
58
58
| B2C IEF Keyset Administrator | Identity | High | Identities in this role can manage secrets for federation and encryption in the Identity Experience Framework (IEF). |
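Review bot: The wording cleanup stops at the Authentication Administrator row and leaves the same kind of issue in the neighbouring rows of this table. In the Backup Operators row "can backup and restore all files" uses "backup" as a verb and should read "back up", and the Server Operators row has the same form in "backup and restore files". The Identity with Privileged Role row writes "keyvaults" as one word; "key vaults" would be clearer. Since this commit is a terminology pass over these descriptions, consider fixing these in the same change.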
@@ -65,13 +65,13 @@ Current asset types are:
65
65
| Enterprise Administrator | Identity | Very High | Identities in this role have complete access to configuring all domain controllers. Members in this group can modify the membership of all administrative groups. |
66
66
| Global Administrator | Identity | Very High | Identities in this role can manage all aspects of Microsoft Entra ID and Microsoft services that use Microsoft Entra identities. |
67
67
| Global Reader | Identity | High | Identities in this role can read everything that a Global Administrator can, but not update anything. |
68
-
| Helpdesk Administrator | Identity | Very High | Identities in this role can reset passwords for non-administrators and Helpdesk Administrators. |
68
+
| Helpdesk Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Helpdesk Administrators. |
69
69
| Hybrid Identity Administrator | Identity | Very High | Identities in this role can manage Active Directory to Microsoft Entra cloud provisioning, Microsoft Entra Connect, Pass-through Authentication (PTA), Password hash synchronization (PHS), seamless single sign-on (Seamless SSO), and federation settings. |
70
70
| Intune Administrator | Identity | Very High | Identities in this role can manage all aspects of the Intune product. |
71
-
| Partner Tier1 Support | Identity | Very High | Identities in this role can reset passwords for non-admin users, update credentials for applications, create and delete users, and create OAuth2 permission grants. This role has been deprecated and will be removed from Microsoft Entra ID in the future. Don't use - not intended for general use. |
71
+
| Partner Tier1 Support | Identity | Very High | Identities in this role can reset passwords for nonadmin users, update credentials for applications, create and delete users, and create OAuth2 permission grants. This role has been deprecated and will be removed from Microsoft Entra ID in the future. Don't use - not intended for general use. |
72
72
| Partner Tier2 Support | Identity | Very High | Identities in this role can reset passwords for all users (including Global Administrators), update credentials for applications, create and delete users, and create OAuth2 permission grants. This role has been deprecated and will be removed from Microsoft Entra ID in the future. Don't use - not intended for general use. |
73
-
| Password Administrator | Identity | Very High | Identities in this role can reset passwords for non-administrators and Password Administrators. |
74
-
| Privileged Authentication Administrator | Identity | Very High | Identities in this role can view, set, and reset authentication method information for any user (admin or non-admin). |
73
+
| Password Administrator | Identity | Very High | Identities in this role can reset passwords for nonadministrators and Password Administrators. |
74
+
| Privileged Authentication Administrator | Identity | Very High | Identities in this role can view, set, and reset authentication method information for any user (admin or nonadmin). |
75
75
| Privileged Role Administrator | Identity | Very High | Identities in this role can manage role assignments in Microsoft Entra ID, and all aspects of Privileged Identity Management. |
76
76
| Security Operations Admin User | Identity | High | Identities in this role can configure, manage, monitor, and respond to threats within the organization. **Note**: This rule logic relies on the predefined critical device classification “Security Operations Admin Device”. |
77
77
| Security Administrator | Identity | High | Identities in this role can read security information and reports and manage configuration in Microsoft Entra ID and Office 365. |
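Review bot: The replacement terms are not consistent across the changed rows: Helpdesk Administrator and Password Administrator now say "nonadministrators", Partner Tier1 Support says "nonadmin users", and Privileged Authentication Administrator says "(admin or nonadmin)", with "nonadmin users" also used in the Authentication Administrator row of the earlier hunk. These descriptions define who each role can reset credentials for, so a reader comparing rows should not have to wonder whether the terms mean different populations. Suggest picking one form (for example "nonadministrators") and using it in all five rows. Separately, the Security Operations Admin User row still uses curly quotes around “Security Operations Admin Device” while the Application Developer row uses straight quotes; worth normalising in the same pass.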