defender-xdr/create-custom-rbac-roles.md
+20 lines changed: 20 additions & 0 deletions
@@ -36,17 +36,24 @@ The following steps guide you on how to create custom roles in Microsoft Defende
> [!IMPORTANT]
> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
+
> Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com).
+
2. In the navigation pane, select **Permissions**.
+
3. Select **Roles** under Microsoft Defender XDR to get to the Permissions and roles page.
+
4. Select **Create custom role**.
+
5. Enter the Role name and description.
+
6. Select **Next** to choose the permissions you want to assign. Permissions are organized in three different categories:
:::image type="content" source="/defender/media/defender/m365-defender-rbac-permissions1.png" alt-text="Screenshot of the permissions screen" lightbox="/defender/media/defender/m365-defender-rbac-permissions1.png":::
7. Select a permission category (for example, Security operations), and then review the permissions available. You can choose to assign the following different levels of permissions:
+
- Select all read-only permissions – Users will be assigned with all the read-only permissions in this category.
- Select all read and manage permissions – Users will be assigned all permissions in this category (read and manage permissions).
- Select custom permissions – Users will be assigned the custom permissions selected.
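Review bot: the added line "> Microsoft recommends that you use roles with the fewest permissions..." is placed directly under "> You must be a Global Administrator or Security Administrator ..." with no separating `>` line, so in rendered markdown the two `>` lines merge into one paragraph and the new recommendation reads as a continuation of the prerequisite sentence; insert a bare `>` line between them. While at it, the recommendation names Global Administrator as the role to avoid but does not say which of the three options in the preceding sentence is the least-privileged one; since the page itself describes a custom role with only the **Authorization** permissions later on, consider pointing the reader there, e.g. "> To perform this task with the fewest permissions, use a custom role that has the **Authorization** permissions (see below) or Security Administrator; reserve Global Administrator for emergency scenarios when no other role works."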
@@ -61,7 +68,9 @@ The following steps guide you on how to create custom roles in Microsoft Defende
> If you have assigned custom permissions and new permissions are added to this category, you will need to re-assign your roles with the new permissions if needed.
8. Once you have selected your permissions, select **Apply** and then **Next** to assign users and data sources.
+
9. Select **Add assignments** and Enter the Assignment name.
+
10. Under **data sources**, choose if the assigned users will have the selected permissions across all the available products, or only for specific data sources:
:::image type="content" source="/defender/media/defender/m365-defender-rbac-assignments.png" alt-text="Screenshot of the assignments screen" lightbox="/defender/media/defender/m365-defender-rbac-assignments.png":::
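Review bot: step 9 in this hunk reads "Select **Add assignments** and Enter the Assignment name." with a capitalized "Enter" mid-sentence, while the same step in the Authorization-role procedure further down uses "enter"; since the hunk already adds a blank line right after this item, lowercase it in the same change so both procedures match: "9. Select **Add assignments** and enter the Assignment name."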
@@ -83,25 +92,35 @@ The following steps guide you on how to create custom roles in Microsoft Defende
To access and manage roles and permissions, without being a Global Administrator or Security Administrator in Microsoft Entra ID, you need to create a role with **Authorization** permissions. To create this role:
1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) as Global Administrator or Security Administrator.
+
2. In the navigation pane, select **Permissions**.
+
3. Select **Roles** under Microsoft Defender XDR.
+
4. Select **Create custom role**.
+
5. Enter the Role name and description.
+
6. Select **Next** and choose the **Authorization and settings** option.
+
7. On the Authorization and settings category flyout, choose **Select custom permissions** and under **Authorization** select either:
+
- Select all permissions - users will be able to create and manage roles and permissions.
- Read-only - uses will be able to access and view roles and permissions in a read-only mode.
:::image type="content" source="/defender/media/defender/m365-defender-rbac-authorization-role.png" alt-text="Screenshot of the permissions and roles page" lightbox="/defender/media/defender/m365-defender-rbac-authorization-role.png":::
8. Select **Apply** and then **Next** to assign users and data sources.
+
9. Select **Add assignments** and enter the Assignment name.
+
10. To choose the **data sources** users assigned the Authorization permission will have access to:
- Select **Choose all data sources** to grant users permissions to create new roles and manage roles for all data sources.
- Select **Select specific data sources** to grant users permissions to create new roles and manage roles for a specific data source. For example, select Microsoft Defender for Endpoint from the dropdown to grant users the Authorization permission for the Microsoft Defender for Endpoint data source only.
11. In **Assigned users and groups** – choose the Microsoft Entra security groups or individual users to assign the role to, and select **Add**.
+
12. Select **Next** to review and finish creating the role and then select **Submit**.
> [!NOTE]
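Review bot: the bullet "Read-only - uses will be able to access and view roles and permissions in a read-only mode." sits between two added blank lines in this hunk and still has the typo "uses" for "users"; fix it here rather than in a follow-up. On substance, this section is the least-privilege alternative that the first hunk's new recommendation steers readers toward, yet "Select all permissions - users will be able to create and manage roles and permissions" is itself a role-administration grant (whoever holds it can assign any permission, including to themselves), so it deserves the same caution the commit adds for Global Administrator: suggest a sentence after the two bullets advising to prefer Read-only where viewing is enough and, when full Authorization is needed, to scope it with **Select specific data sources** as step 10 already illustrates for Microsoft Defender for Endpoint.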
@@ -111,4 +130,5 @@ To access and manage roles and permissions, without being a Global Administrator