You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: exposure-management/predefined-classification-rules-and-levels.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ Current asset types are:
47
47
| Identity with Privileged Azure Role | Identity | High | The following identities (User, Group, Service Principal, or Managed Identity) have an assigned built-in or custom privileged Azure RBAC role, at subscription scope, containing a critical resource. The role can include permissions for Azure role assignments, modifying Azure policies, executing scripts on a VM using Run command, read-access to storage accounts and keyvaults, and more. |
48
48
| Application Administrator | Identity | Very High | Users in this role can create and manage all aspects of enterprise applications, application registrations, and application proxy settings. |
49
49
| Application Developer | Identity | High | Users in this role can create application registrations independent of the 'Users can register applications' setting. |
50
-
| Authentication Administrator | Identity | Very High | Users in this role can set and reset authentication method (including passwords) for nonadmin users. |
50
+
| Authentication Administrator | Identity | Very High | Users in this role can set and reset authentication method (including passwords) for non-admin users. |
51
51
| B2C IEF Keyset Administrator | Identity | High | Users in this role can manage secrets for federation and encryption in the Identity Experience Framework (IEF). |
52
52
| Cloud Application Administrator | Identity | Very High | Users in this role can create and manage all aspects of app registrations and enterprise apps except App Proxy. |
53
53
| Cloud Device Administrator | Identity | High | Users in this role have limited access to manage devices in Microsoft Entra ID. They can enable, disable, and delete devices in Microsoft Entra ID and read Windows 10 BitLocker keys (if present) in the Azure portal. |
@@ -88,7 +88,7 @@ Current asset types are:
88
88
| Attribute Definition Administrator | Identity | High | Users in this role can define and manage the definition of custom security attributes. |
89
89
| Attribute Assignment Administrator | Identity | High | Users in this role can assign custom security attribute keys and values to supported Microsoft Entra objects. |
90
90
| Identity Governance Administrator | Identity | High | Users in this role can manage access using Microsoft Entra ID for identity governance scenarios. |
91
-
| Cloud App Security Administrator | Identity | High ||
91
+
| Cloud App Security Administrator | Identity | High |Users in this role can manage all aspects of the Defender for Cloud Apps product.|
92
92
| Windows 365 Administrator | Identity | High | Users in this role can provision and manage all aspects of Cloud PCs. |
93
93
| Yammer Administrator | Identity | High | Users in this role can manage all aspects of the Yammer service. |
94
94
| Authentication Extensibility Administrator | Identity | High | Users in this role can customize sign in and sign up experiences for users by creating and managing custom authentication extensions. |
0 commit comments