Merge pull request #697 from MicrosoftDocs/diannegali-updaterbac

diannegali · web-flow · commit 90661db162bd · 2024-06-13T14:22:22.000+01:00
added note on global admin use
diff --git a/defender-xdr/activate-defender-rbac.md b/defender-xdr/activate-defender-rbac.md
@@ -2,17 +2,17 @@
 title: Activate Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Activate Microsoft Defender XDR Security unified role-based access control(RBAC)
 ms.service: defender-xdr
-ms.author: siosulli
+ms.author: diannegali
 author: siosulli
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 08/03/2023
+ms.date: 06/13/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -42,7 +42,7 @@ The following steps guide you on how to activate the Microsoft Defender XDR Unif
 2. [Activate in Microsoft Defender XDR settings](#activate-in-microsoft-365-defender-settings)
 
 > [!IMPORTANT]
-> You must be a Global Administrator or Security Administrator in Microsoft Entra ID to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-pre-requisites).
+> You must be a Global Administrator or Security Administrator in Microsoft Entra ID to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
 
 ### Activate from the Permissions and roles page
 
diff --git a/defender-xdr/create-custom-rbac-roles.md b/defender-xdr/create-custom-rbac-roles.md
@@ -2,17 +2,17 @@
 title: Create custom roles with Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Create custom roles in Microsoft Defender XDR Security portal role-based access control (RBAC)
 ms.service: defender-xdr
-ms.author: siosulli
+ms.author: diannegali
 author: siosulli
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 08/03/2023
+ms.date: 06/13/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -35,7 +35,7 @@ search.appverid: met150
 The following steps guide you on how to create custom roles in Microsoft Defender XDR Unified RBAC.
 
 > [!IMPORTANT]
-> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-pre-requisites).
+> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com).
 2. In the navigation pane, select **Permissions**.
diff --git a/defender-xdr/edit-delete-rbac-roles.md b/defender-xdr/edit-delete-rbac-roles.md
@@ -2,17 +2,17 @@
 title: Edit or delete roles Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Edit or delete roles in Microsoft Defender XDR Security portal experiences using role-based access control (RBAC)
 ms.service: defender-xdr
-ms.author: siosulli
+ms.author: diannegali
 author: siosulli
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 08/03/2023
+ms.date: 06/13/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -37,7 +37,7 @@ In Microsoft Defender XDR Unified role-based access control (RBAC), you can edit
 The following steps guide you on how to edit roles in Microsoft Defender XDR Unified RBAC:
 
 > [!IMPORTANT]
-> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-pre-requisites).
+> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) as global administrator or security administrator.
 2. In the navigation pane, select **Permissions**.
@@ -79,7 +79,7 @@ The following steps guide you on how to export roles in Microsoft Defender XDR U
 >[!Note]
 >To export roles, you must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have the **Authorization (manage)** permission assigned for all data sources in Microsoft Defender XDR Unified RBAC and have at least one workload activated for Unified RBAC.
 >
->For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-pre-requisites).
+>For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com) with the required roles or permissions.
 2. In the navigation pane, select **Permissions**.
diff --git a/defender-xdr/import-rbac-roles.md b/defender-xdr/import-rbac-roles.md
@@ -2,17 +2,17 @@
 title: Import roles to Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Create custom Microsoft Defender XDR Security portal role-based access control (RBAC)
 ms.service: defender-xdr
-ms.author: siosulli
+ms.author: diannegali
 author: siosulli
 ms.localizationpriority: medium
-manager: dansimp
+manager: deniseb
 audience: ITPro
 ms.collection: 
 - m365-security
 - tier3
 ms.custom: 
 ms.topic: how-to
-ms.date: 08/03/2023
+ms.date: 06/13/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -44,7 +44,7 @@ Importing roles will migrate and maintain the roles with full parity in relation
 The following steps guide you on how to import roles into Microsoft Defender XDR Unified RBAC:
 
 > [!IMPORTANT]
-> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-pre-requisites).
+> You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the **Authorization** permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see [Permission pre-requisites](manage-rbac.md#permissions-prerequisites).
 
 1. Sign in to the [Microsoft Defender portal](https://security.microsoft.com).
 2. In the navigation pane, select **Permissions**.
diff --git a/defender-xdr/manage-rbac.md b/defender-xdr/manage-rbac.md
@@ -3,7 +3,7 @@ title: Microsoft Defender XDR Unified role-based access control (RBAC)
 description: Manage permissions and access to Microsoft Defender XDR Security portal experiences using unified role-based access control (RBAC).
 ms.service: defender-xdr
 ms.author: diannegali
-author: diannegali
+author: siosulli
 ms.localizationpriority: medium
 manager: deniseb
 audience: ITPro
@@ -12,7 +12,7 @@ ms.collection:
 - tier3
 ms.custom: 
 ms.topic: overview
-ms.date: 03/28/2024
+ms.date: 06/13/2024
 ms.reviewer: 
 search.appverid: met150
 ---
@@ -59,7 +59,7 @@ Centralized permissions management is supported for the following solutions:
 
 This section provides useful information on what you need to know before you start using Microsoft Defender XDR Unified RBAC.
 
-### Permissions pre-requisites
+### Permissions prerequisites
 
 - You must be a Global Administrator or Security Administrator in Microsoft Entra ID to:
   - Gain initial access to [Permissions and roles](https://security.microsoft.com/mtp_roles) in the Microsoft Defender portal.
@@ -68,7 +68,10 @@ This section provides useful information on what you need to know before you sta
 
   - Create a custom role that can grant access to security groups or individual users to manage roles and permissions in Microsoft Defender XDR unified RBAC. This removes the need for Microsoft Entra global roles to manage permissions. To do this, you need to assign the **Authorization** permission in Microsoft Defender XDR Unified RBAC. For details on how to assign the Authorization permission, see [Create a role to access and manage roles and permissions](create-custom-rbac-roles.md#create-a-role-to-access-and-manage-roles-and-permissions).
 
-- The Microsoft Defender XDR security solution continues to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads, that is, Global Admins retain assigned admin privileges.
+- The Microsoft Defender XDR security solution continues to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads, that is, Global Administrators retain assigned administrator privileges.
+
+> [!IMPORTANT]
+> Global Administrator is a highly privileged role that should be limited to scenarios when you can't use an existing role.
 
 ### Migration of existing roles and permissions
 
