You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/edit-delete-rbac-roles.md
+11-2Lines changed: 11 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,11 +38,16 @@ The following steps guide you on how to edit roles in Microsoft Defender XDR Uni
38
38
39
39
> [!IMPORTANT]
40
40
> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
41
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
41
42
42
43
1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) as global administrator or security administrator.
44
+
43
45
2. In the navigation pane, select **Permissions**.
46
+
44
47
3. Select **Roles** under Microsoft Defender XDR to get to the Permissions and roles page.
48
+
45
49
4. Select the role you want to edit. You can only edit one role at a time.
50
+
46
51
5. Once selected, this opens a flyout pane where you can edit the role:
47
52
48
53
:::image type="content" source="/defender/media/defender/m365-defender-rbac-edit-roles.png" alt-text="Screenshot of the edit roles flyout page" lightbox="/defender/media/defender/m365-defender-rbac-edit-roles.png":::
@@ -76,14 +81,17 @@ The CSV also includes a snapshot of the Unified RBAC activation status for each
76
81
77
82
The following steps guide you on how to export roles in Microsoft Defender XDR Unified RBAC:
78
83
79
-
>[!Note]
80
-
>To export roles, you must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have the **Authorization (manage)** permission assigned for all data sources in Microsoft Defender XDR Unified RBAC and have at least one workload activated for Unified RBAC.
84
+
>[!NOTE]
85
+
>To export roles, you must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have the **Authorization (manage)** permission assigned for all data sources in Microsoft Defender XDR Unified RBAC and have at least one workload activated for Unified RBAC.
81
86
>
82
87
>For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
83
88
84
89
1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) with the required roles or permissions.
90
+
85
91
2. In the navigation pane, select **Permissions**.
92
+
86
93
3. Select **Roles** under Microsoft Defender XDR to get to the Permissions and roles page.
94
+
87
95
4. Select the **Export** button.
88
96
89
97
:::image type="content" source="/defender/media/defender/m365-defender-rbac-export-roles.png" alt-text="Screenshot of the export roles page" lightbox="/defender/media/defender/m365-defender-rbac-export-roles.png":::
@@ -94,4 +102,5 @@ A CSV file containing all the roles data will be generated and downloaded to the
94
102
95
103
-[Learn about RBAC permissions](custom-permissions-details.md)
96
104
-[Map existing RBAC roles to Microsoft Defender XDR Unified RBAC roles](compare-rbac-roles.md)
0 commit comments