Skip to content

Commit 9150db2

Browse files
diannegalidiannegali
committed
added note on global admin use
1 parent acdccbc commit 9150db2

File tree

1 file changed

+6
-3
lines changed

1 file changed

+6
-3
lines changed

defender-xdr/manage-rbac.md

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@ ms.collection:
1212
- tier3
1313
ms.custom:
1414
ms.topic: overview
15-
ms.date: 03/28/2024
15+
ms.date: 06/13/2024
1616
ms.reviewer:
1717
search.appverid: met150
1818
---
@@ -59,7 +59,7 @@ Centralized permissions management is supported for the following solutions:
5959

6060
This section provides useful information on what you need to know before you start using Microsoft Defender XDR Unified RBAC.
6161

62-
### Permissions pre-requisites
62+
### Permissions prerequisites
6363

6464
- You must be a Global Administrator or Security Administrator in Microsoft Entra ID to:
6565
- Gain initial access to [Permissions and roles](https://security.microsoft.com/mtp_roles) in the Microsoft Defender portal.
@@ -68,7 +68,10 @@ This section provides useful information on what you need to know before you sta
6868

6969
- Create a custom role that can grant access to security groups or individual users to manage roles and permissions in Microsoft Defender XDR unified RBAC. This removes the need for Microsoft Entra global roles to manage permissions. To do this, you need to assign the **Authorization** permission in Microsoft Defender XDR Unified RBAC. For details on how to assign the Authorization permission, see [Create a role to access and manage roles and permissions](create-custom-rbac-roles.md#create-a-role-to-access-and-manage-roles-and-permissions).
7070

71-
- The Microsoft Defender XDR security solution continues to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads, that is, Global Admins retain assigned admin privileges.
71+
- The Microsoft Defender XDR security solution continues to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for some or all of your workloads, that is, Global Administrators retain assigned administrator privileges.
72+
73+
> [!IMPORTANT]
74+
> Global Administrator is a highly privileged role that should be limited to scenarios when you can't use an existing role.
7275
7376
### Migration of existing roles and permissions
7477

0 commit comments

Comments
 (0)