You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-office-365/office-365-ti.md
+3-1Lines changed: 3 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -104,8 +104,10 @@ Microsoft Defender for Office 365 uses role-based access control. Permissions ar
104
104
|Use the Microsoft Defender Vulnerability Management dashboard <br/><br/> View information about recent or current threats|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
105
105
|Use [Explorer (and real-time detections)](threat-explorer-real-time-detections-about.md) to analyze threats|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
106
106
|View Incidents (also referred to as Investigations) <br/><br/> Add email messages to an incident|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
107
-
|Trigger email actions in an incident <br/><br/> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <br/> The **Global Administrator**<sup>\*</sup> and **Security Administrator** roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 36 Defender portal (<https://security.microsoft.com>).|
107
+
|Trigger email actions in an incident <br/><br/> Find and delete suspicious email messages|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator** plus the **Search and Purge** role</li></ul> <br/> The **Global Administrator**<sup>\*</sup> and **Security Administrator** roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> The **Search and Purge** role must be assigned in the **Email & collaboration roles** in the Microsoft 365 Defender portal (<https://security.microsoft.com>).|
108
108
|Integrate Microsoft Defender for Office 365 Plan 2 with Microsoft Defender for Endpoint <br/><br/> Integrate Microsoft Defender for Office 365 Plan 2 with a SIEM server|Either the **Global Administrator**<sup>\*</sup> or the **Security Administrator** role assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>). <br/><br/> --- **plus** --- <br/><br/> An appropriate role assigned in additional applications (such as [Microsoft Defender Security Center](/windows/security/threat-protection/microsoft-defender-atp/user-roles) or your SIEM server).|
109
+
|View email preview/download .eml of Quarantined emails (view/download only Quarantined emails)|One of the following: <ul><li>**Global Administrator**<sup>\*</sup></li><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
110
+
|View email preview/download .eml of ANY email in Explorer|One of the following: <ul><li>**Security Administrator**</li><li>**Security Reader**</li></ul> <br/> These roles can be assigned in either Microsoft Entra ID (<https://portal.azure.com>) or the Microsoft 365 admin center (<https://admin.microsoft.com>).|
109
111
110
112
> [!IMPORTANT]
111
113
> <sup>\*</sup> Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
0 commit comments