Skip to content

Commit 66ddaa8

Browse files
denisebmsftdenisebmsft
authored
Merge pull request #5336 from MithunRathinam/patch-38
Update RBAC permissions for Global Administrator role
2 parents bd11dd5 + c2dec0d commit 66ddaa8

File tree

1 file changed

+10
-10
lines changed

1 file changed

+10
-10
lines changed

defender-xdr/compare-rbac-roles.md

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.collection:
1212
- tier3
1313
ms.custom:
1414
ms.topic: concept-article
15-
ms.date: 03/02/2025
15+
ms.date: 10/24/2025
1616
ms.reviewer:
1717
search.appverid: met150
1818
appliesto:
@@ -154,16 +154,16 @@ Use this table to learn about the permissions assigned by default for each workl
154154

155155
|Microsoft Entra role|Microsoft Defender XDR Unified RBAC assigned permissions for all workloads|Microsoft Defender XDR Unified RBAC assigned permissions – workload specific|
156156
|---|-|---|
157-
|Global administrator|Security operations \ Security data \ Security data basics (read)</br>Security operations \ Security data \ Alerts (manage) </br>Security operations \ Security data \ Response (manage)</br>Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage)</br>Authorization and settings \ Authorization (Read and manage)</br>Authorization and settings \ Security settings (All permissions)</br>Authorization and settings \ System settings (Read and manage) |_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security operations \ Basic live response (manage)</br>Security operations \ Advanced live response (manage) </br> Security operations \ Security data \ File collection (manage) </br>Security posture \ Posture management \ Vulnerability management (read)</br>Security posture \ Posture management \ Exception handling (manage)</br>Security posture \ Posture management \ Remediation handling (manage)</br>Security posture \ Posture management \ Application handling (manage)</br>Security posture \ Posture management \ Security baseline assessment (manage)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Email quarantine (manage)</br>Security operations \ Security data \ Email advanced actions (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)|
157+
|Global administrator|Security operations \ Security data \ Security data basics (read)</br>Security operations \ Security data \ Alerts (manage) </br>Security operations \ Security data \ Response (manage)</br>Security posture \ Posture management \ Exposure Management (read)</br>Security posture \ Posture management \ Exposure Management (manage)</br>Authorization and settings \ Authorization (Read and manage)</br>Authorization and settings \ Security settings (All permissions)</br>Authorization and settings \ System settings (Read and manage) |_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security operations \ Basic live response (manage)</br>Security operations \ Advanced live response (manage) </br> Security operations \ Security data \ File collection (manage) </br>Security posture \ Posture management \ Vulnerability management (read)</br>Security posture \ Posture management \ Exception handling (manage)</br>Security posture \ Posture management \ Remediation handling (manage)</br>Security posture \ Posture management \ Application handling (manage)</br>Security posture \ Posture management \ Security baseline assessment (manage)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Email quarantine (manage)</br>Security operations \ Security data \ Email advanced actions (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)|
158158
|Security administrator|Same as Global administrator|Same as Global administrator|
159-
|Global reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Secure Score (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)</br>Authorization and settings \ Authorization (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)|
160-
|Security reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Secure Score (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)|
161-
|Security operator|Security operations \ Security data \ Security data basics (read)</br>Security operations \ Security data \ Alerts (manage) </br>Security operations \ Security data \ Response (manage)</br>Security posture \ Posture management \ Secure Score (read)</br>Authorization and settings \ Security settings (All permissions)|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_</br>Security operations \ Security data \ Basic live response (manage)</br>Security operations \ Security data \ Advanced live response (manage)</br> Security operations \ Security data \ File collection (manage) </br>Security posture \ Posture management \ Vulnerability management (read)</br>Security posture \ Posture management \ Exception handling (manage)</br>Security posture \ Posture management \ Remediation handling (manage)</br></br>_**Defender for Office only permissions**_ </br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)</br>Authorization and settings \ System settings (Read and manage)</br></br>_**Defender for Identity only permissions**_ </br>Authorization and settings \ System settings (read)|
162-
|Exchange Administrator|Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage) |_**Defender for Office only permissions**_ </br>Security operations \ Security data \ Security data basic (read) </br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read) </br>Authorization and settings \ System settings (Read and manage)|
163-
|SharePoint Administrator|Security posture \ Posture management \ Secure Score (read) </br> Security posture \ Posture management \ Secure Score (manage)|not applicable|
164-
|Service Support Administrator|Security posture \ Posture management \ Secure Score (read) |not applicable|
165-
|User Administrator|Security posture \ Posture management \ Secure Score (read) |not applicable|
166-
|HelpDesk Administrator|Security posture \ Posture management \ Secure Score (read) |not applicable|
159+
|Global reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Exposure Management (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)</br>Authorization and settings \ Authorization (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)|
160+
|Security reader|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Exposure Management (read) </br>|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_ </br>Security posture \ Posture management \ Vulnerability management (read)</br></br> _**Defender for Office only permissions**_ </br> Security operations \ Security data \ Response (manage)</br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read) </br></br>_**Defender for Office and Defender for Identity only permissions**_ </br>Authorization and settings \ Security settings \ Core security settings (read)</br>Authorization and settings \ System settings (read)|
161+
|Security operator|Security operations \ Security data \ Security data basics (read)</br>Security posture \ Posture management \ Exposure Management (read) </br>Security operations \ Security data \ Response (manage)</br>Security posture \ Posture management \ Secure Score (read)</br>Authorization and settings \ Security settings (All permissions)|_**Defender for Endpoint and Defender Vulnerability Management permissions only permissions**_</br>Security operations \ Security data \ Basic live response (manage)</br>Security operations \ Security data \ Advanced live response (manage)</br> Security operations \ Security data \ File collection (manage) </br>Security posture \ Posture management \ Vulnerability management (read)</br>Security posture \ Posture management \ Exception handling (manage)</br>Security posture \ Posture management \ Remediation handling (manage)</br></br>_**Defender for Office only permissions**_ </br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read)</br>Authorization and settings \ System settings (Read and manage)</br></br>_**Defender for Identity only permissions**_ </br>Authorization and settings \ System settings (read)|
162+
|Exchange Administrator|Security posture \ Posture management \ Exposure Management (read) </br> Security posture \ Posture management \ Exposure Management (manage) |_**Defender for Office only permissions**_ </br>Security operations \ Security data \ Security data basic (read) </br>Security operations \ Raw data (Email & collaboration) \ Email & collaboration metadata (read) </br>Authorization and settings \ System settings (Read and manage)|
163+
|SharePoint Administrator|Security posture \ Posture management \ Exposure Management (read) </br> Security posture \ Posture management \ Exposure Management (manage)|not applicable|
164+
|Service Support Administrator|Security posture \ Posture management \ Exposure Management (read) |not applicable|
165+
|User Administrator|Security posture \ Posture management \ Exposure Management (read) |not applicable|
166+
|HelpDesk Administrator|Security posture \ Posture management \ Exposure Management (read) |not applicable|
167167
|Compliance administrator|not applicable|_**Defender for Office only permissions**_ </br> Security operations \ Security data \ Security data basics (read)</br> Security operations \ Security data \ Alerts (manage)|
168168
|Compliance data administrator|not applicable|Same as Compliance administrator|
169169
|Billing admin|not applicable|not applicable|

0 commit comments

Comments
 (0)