Commit 32d741e

Merge pull request #4764 from MicrosoftDocs/main
[AutoPublish] main to live - 08/18 13:30 PDT | 08/19 02:00 IST
2 parents 638fc32 + eb7079d commit 32d741e

1 file changed

+12
-6
lines changed

defender-office-365/scc-permissions.md

Lines changed: 12 additions & 6 deletions
@@ -59,6 +59,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
5959
6060
|Role group|Description|Default roles assigned|
6161
|---|---|---|
62+
|**AI Administrators**|In addition to the capabilities listed for this role in [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#ai-administrator), use this group to assign read-only permissions to users for Data Security Posture Management for AI.|AI Administrator|
6263
|**Attack Simulator Administrators**|Don't use this role group. Use the [Attack Simulation Administrator](/entra/identity/role-based-access-control/permissions-reference#attack-simulation-administrator) role in Microsoft Entra ID.|Attack Simulator Admin|
6364
|**Attack Simulator Payload Authors**|Don't use this role group. Use the [Attack Payload Author](/entra/identity/role-based-access-control/permissions-reference#attack-payload-author) role in Microsoft Entra ID.|Attack Simulator Payload Author|
6465
|**Audit Manager**|Manage Audit log settings and Search, View, and Export Audit logs.|Audit Logs <br/><br/> View-Only Audit Logs|
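Review bot: The new **AI Administrators** row (added line 62) describes the group only as assigning "read-only permissions to users for Data Security Posture Management for AI" and does not say whether that covers prompts and responses. The matching **AI Administrator** role row added later in this commit states "This role does not have access to read prompts and responses of AI interactions"; repeat that sentence here so the two tables agree and an admin choosing between this group and Data Security AI Content Viewers can see the difference in one place.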
@@ -82,10 +83,12 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
8283
|**Data Estate Insights Readers**|Provides read-only access to all insights reports across platforms and providers.|Data Map Reader <br/><br/> Insights Reader|
8384
|**Data Governance**|Grants access to data governance roles within Microsoft Purview.|Data Governance Administrator|
8485
|**Data Investigator**|Perform searches on mailboxes, SharePoint sites, and OneDrive locations.|Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Data Investigation Management <br/><br/> Export <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt <br/><br/> Search And Purge|
85-
|**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
86-
|**Data Security Investigations investigators**|Investigators for Data Security Investigations that can create and manage assigned investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Investigator <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
87-
|**Data Security Investigations Reviewers**|Reviwers for Data Security Investigations that can create and manage all assigned investigations.|Data Security Investigations Reviewer <br/><br/> Export <br/><br/> Preview <br/><br/> Review |
88-
|**Data Security Management**| View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).| Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Download <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Agent Analysis <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case |
86+
|**Data Security AI Content Viewers**|Use this group to assign read-only permissions to users in Data Security Posture Management for AI to view prompts and responses of interactions in AI apps.|Data Security AI Content Viewer|
87+
|**Data Security AI Viewers**|Use this group to assign read-only permissions to users for Data Security Posture Management for AI.|Data Security AI Viewer|
88+
|**Data Security Investigations Administrators**|Administrators for Data Security Investigations that can create and manage all investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Admin <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
89+
|**Data Security Investigations investigators**|Investigators for Data Security Investigations that can create and manage assigned investigations, processes, and settings.|Case Management <br/><br/> Compliance Search <br/><br/> Data Security Investigations Investigator <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
90+
|**Data Security Investigations Reviewers**|Reviwers for Data Security Investigations that can create and manage all assigned investigations.|Data Security Investigations Reviewer <br/><br/> Export <br/><br/> Preview <br/><br/> Review|
91+
|**Data Security Management**|View all Data Security Posture Management insights, use CoPilot for Security, and manage Microsoft Purview data security solutions (Data Loss Prevention, Information Protection, and Insider Risk Management).|Case Management <br/><br/> Custodian <br/><br/> Data Classification Content Download <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/>Data Connector Admin <br/><br/> Data Map Reader <br/><br/> Data Security Viewer <br/><br/> Information Protection Admin <br/><br/> Information Protection Analyst <br/><br/> Information Protection Investigator <br/><br/> Information Protection Reader <br/><br/> Insider Risk Management Admin <br/><br/> Insider Risk Management Analysis <br/><br/> Insider Risk Management Approval <br/><br/> Insider Risk Management Audit <br/><br/> Insider Risk Management Investigation <br/><br/> Insider Risk Management Reports Administrator <br/><br/> Insider Risk Management Sessions <br/><br/> Insights Reader <br/><br/> Purview Agent Analysis <br/><br/> Purview Evaluation Administrator <br/><br/> Review <br/><br/> Scan Reader <br/><br/> Source Reader <br/><br/> View-Only Case|
8992
|**Data Security Viewers**|View Data Security Posture Management (DSPM) dashboard insights and use Copilot for Security to view detailed information.|Data Security Viewer|
9093
|**Data Source Administrators**|Manage data sources and data scans.|Credential Reader <br/><br/> Credential Writer <br/><br/> Scan Reader <br/><br/> Scan Writer <br/><br/> Source Reader <br/><br/> Source Writer|
9194
|**eDiscovery Manager**|Members can perform searches and place holds on mailboxes, SharePoint sites, and OneDrive locations. Members can also create and manage eDiscovery cases, add and remove members to a case, create and edit Content Searches associated with a case, and access case data in eDiscovery (Premium). <br/><br/> An eDiscovery Administrator is a member of the eDiscovery Manager role group who has been assigned additional permissions. In addition to the tasks that an eDiscovery Manager can perform, an eDiscovery Administrator can:<ul><li>View all eDiscovery cases in the organization.</li><li>Manage any eDiscovery case after they add themselves as a member of the case.</li></ul> <br/><br/> The primary difference between an eDiscovery Manager and an eDiscovery Administrator is that an eDiscovery Administrator can access all cases that are listed on the **eDiscovery cases** page in the Microsoft Purview portal. An eDiscovery manager can only access the cases they created or cases they're a member of. For more information about making a user an eDiscovery Administrator, see [Assign eDiscovery permissions in the Microsoft Purview portal](/purview/ediscovery-assign-permissions).|Case Management <br/><br/> Communication <br/><br/> Compliance Search <br/><br/> Custodian <br/><br/> Export <br/><br/> Hold <br/><br/> Manage Review Set Tags <br/><br/> Preview <br/><br/> Review <br/><br/> RMS Decrypt|
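Review bot: The re-added **Data Security Investigations Reviewers** row (line 90) still carries the typo "Reviwers", and its description says reviewers "can create and manage all assigned investigations", which is broader than the role table's "Used to review assigned investigations"; since the line is being rewritten anyway, fix the spelling and align the wording with the role. In the same hunk, "Data Security Investigations investigators" (line 89) is lower-cased where the role table uses "Investigators", "CoPilot for Security" (line 91) differs from "Copilot for Security" in the Data Security Viewers row, and the new **Data Security AI Viewers** description (line 87) should state that it excludes prompts and responses, as the Data Security AI Viewer role row does.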
@@ -140,6 +143,7 @@ Roles that aren't assigned to the Organization Management role group by default
140143
|---|---|---|
141144
|**Admin Unit Extension Manager**||Compliance Administrator <br/><br/> Organization Management <br/><br/> Purview Administrators|
142145
|<sup>\*</sup>**Attack Simulator Admin**|Don't use this role. Use the [Attack Simulation Administrator](/entra/identity/role-based-access-control/permissions-reference#attack-simulation-administrator) role in Microsoft Entra ID.|Attack Simulator Administrators|
146+
|**AI Administrator**|In addition to the capabilities listed for this role in [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference#ai-administrator), use this role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|AI Administrators|
143147
|**Attack Simulator Payload Author**||Don't use this role. Use the [Attack Payload Author](/entra/identity/role-based-access-control/permissions-reference#attack-payload-author) role in Microsoft Entra ID.|
144148
|**Data Map Reader**||Data Estate Insights Admins <br/><br/> Privacy Management <br/><br/> Privacy Management Administrators <br/><br/> Privacy Management Analysts <br/><br/> Privacy Management Contributors <br/><br/> Privacy Management Investigators <br/><br/> Privacy Management Viewers|
145149
|<sup>\*</sup>**Attack Simulator Payload Author**|Don't use this role in the portals. Use the corresponding role in Microsoft Entra ID.|Attack Simulator Payload Authors|
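Review bot: The **AI Administrator** row at added line 146 sits between **Attack Simulator Admin** and **Attack Simulator Payload Author**, whereas the role group table in this commit places AI Administrators ahead of the Attack Simulator rows; move it above **Attack Simulator Admin** so both tables use the same order. The row also has no `<sup>\*</sup>` prefix although its only role group is AI Administrators, so check it against the asterisk convention used on the neighbouring rows, and consider "doesn't" for "does not" to match the contractions used elsewhere in the table.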
@@ -174,7 +178,9 @@ Roles that aren't assigned to the Organization Management role group by default
174178
|<sup>\*</sup>**Data Security Investigations Admin**|Used to create and manage investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Administrators|
175179
|<sup>\*</sup>**Data Security Investigations Investigator**|Used to create and manage assigned investigations, processes, and settings in Data Security Investigations.|Data Security Investigations Investigators|
176180
|<sup>\*</sup>**Data Security Investigations Reviewer**|Used to review assigned investigations in Data Security Investigations.|Data Security Investigations Reviewers|
177-
| **Data Security Viewer** | View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.| Data Security Management |
181+
|**Data Security AI Content Viewer**|Role for read-only access to prompts and responses of AI interactions in Data Security Posture Management for AI.|Data Security AI Content Viewers|
182+
|**Data Security AI Viewer**|Role for read-only access to all pages in Data Security Posture Management for AI. This role does not have access to read prompts and responses of AI interactions.|Data Security AI Viewers|
183+
|**Data Security Viewer**|View access to Data Security Posture Management dashboard insights. Allows users to use Copilot for Security to view details.|Data Security Management|
178184
|**Device Management**|View and edit settings and reports for device management features.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
179185
|<sup>\*</sup>**Disposition Management**|Control permissions for accessing Manual Disposition in the Defender and compliance portals.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Records Management|
180186
|**DLP Compliance Management**|View and edit settings and reports for data loss prevention (DLP) policies.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management <br/><br/> Security Administrator|
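Review bot: On the re-added **Data Security Viewer** row (line 183) the role-group column lists only Data Security Management, but the role group table in this file shows **Data Security Viewers** with Data Security Viewer as its default role; add Data Security Viewers to that column while the line is being touched, otherwise the role-to-group mapping under-reports who holds the role. The two new AI rows (lines 181-182) are placed after the Data Security Investigations rows, while the role group table puts the Data Security AI groups before them; reorder for consistency.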
@@ -204,7 +210,7 @@ Roles that aren't assigned to the Organization Management role group by default
204210
|<sup>\*</sup>**Manage Review Set Tags**|This role lets users create, edit, and delete review set tags for cases they can access.|eDiscovery Manager|
205211
|**Organization Configuration**|Run, view, and export audit reports and manage compliance policies for DLP, devices, and preservation.|Compliance Administrator <br/><br/> Compliance Data Administrator <br/><br/> Organization Management|
206212
|<sup>\*</sup>**Preview**|View a list of items that are returned from content searches, and open each item from the list to view its contents.|Data Investigator <br/><br/> eDiscovery Manager|
207-
|**Priority Cleanup Admin**|Access Priority Cleanup tab within Data Lifecycle Management to create, update, and delete policies and modify Priority Cleanup settings for the tenant |Organization Management|
213+
|**Priority Cleanup Admin**|Access Priority Cleanup tab within Data Lifecycle Management to create, update, and delete policies and modify Priority Cleanup settings for the tenant|Organization Management|
208214
|**Priority Cleanup Viewer**|Access Priority Cleanup tab within Data Lifecycle Management to view policies|Organization Management|
209215
|<sup>\*</sup>**Privacy Management Admin**|Manage policies in Privacy Management and has access to all functionality of the solution.|Privacy Management <br/><br/> Privacy Management Administrators|
210216
|<sup>\*</sup>**Privacy Management Analysis**|Perform investigation and remediation of the message violations in Privacy Management. Can only view messages metadata.|Privacy Management <br/><br/> Privacy Management Analysts|
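Review bot: The description on line 213 still ends without a period ("...Priority Cleanup settings for the tenant"), unlike the Preview and Privacy Management rows around it; since this line is already being changed for whitespace, add the period and the missing article ("Access the Priority Cleanup tab"). The unchanged **Priority Cleanup Viewer** row has the same two issues and could be fixed in the same pass.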
