You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-iot/set-up-rbac.md
+11-10Lines changed: 11 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -28,12 +28,13 @@ To make general changes to RBAC roles and permissions that relate to all other a
28
28
29
29
## Access management options
30
30
31
-
There are two ways to manage user access to the Defender portal, depending on the type of tenent you're using. Each system has different named permissions that allow access for site security. The two systems are:
31
+
There are three ways to manage user access to the Defender portal, depending on the type of tenent you're using. Each system has different named permissions that allow access for site security. The systems are:
32
32
33
33
-[Global Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference).
34
-
-[Microsoft Defender XDR Unified RBAC](/defender-xdr/custom-roles): Use Defender XDR Unified role-based access control (RBAC) to manage access to specific data, tasks, and capabilities in the Defender portal.
34
+
-[Microsoft Defender XDR Unified RBAC](/defender-xdr/manage-rbac): Use Defender XDR Unified role-based access control (RBAC) to manage access to specific data, tasks, and capabilities in the Defender portal.
35
+
-[Microsoft Defender for Endpoint RBAC](/defender-endpoint/user-roles) (use the link): Use Defender for Endpoint XDR role-based access control (RBAC) to manage access to specific data, tasks, and capabilities in the Defender portal.
35
36
36
-
The instructions and permission settings listed in this article apply to both Defender XDR Unified and MDE RBAC.
37
+
The instructions and permission settings listed in this article apply to both Defender XDR Unified and Microsfot Defender for Endpoint XDR RBAC.
37
38
38
39
## Set up Defender XDR Unified RBAC roles for site security
39
40
@@ -63,7 +64,7 @@ Assign RBAC permissions and roles, based on the [summary table](#summary-of-rbac
63
64
1. Select **Next** to **Review and finish**.
64
65
1. Select **Submit**.
65
66
66
-
## Set up Defender XDR for MDE RBAC (Version 2) roles for site security
67
+
## Set up Microsfot Defender for Endpoint XDR RBAC (Version 2) roles for site security
67
68
68
69
Assign RBAC permissions and roles, based on the [summary table](#summary-of-rbac-roles-and-permissions-for-site-security), to give users access to site security features:
69
70
@@ -72,15 +73,15 @@ Assign RBAC permissions and roles, based on the [summary table](#summary-of-rbac
72
73
1. Type a **Role name**, and a **Description**.
73
74
1. Select **Next** for Permissions.
74
75
75
-
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-add-role.png" alt-text="Screenshot of the MDE RBAC (version2) permissions set up page for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-add-role.png":::
76
+
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-add-role.png" alt-text="Screenshot of the Microsfot Defender for Endpoint XDR RBAC (version2) permissions set up page for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-add-role.png":::
76
77
77
78
1. For read permissions, in **View Data**, select **Security Operations**.
78
79
79
-
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-read-options.png" alt-text="Screenshot of the MDE RBAC (version2) permissions set up page with the specific read permissions chosen for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-read-options.png":::
80
+
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-read-options.png" alt-text="Screenshot of the Microsfot Defender for Endpoint XDR RBAC (version2) permissions set up page with the specific read permissions chosen for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-read-options.png":::
80
81
81
82
1. For write permissions, select **Manage security settings in Security Center**.
82
83
83
-
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-write-options.png" alt-text="Screenshot of the MDE RBAC (version2) permissions set up page with the specific read and write permissions chosen for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-write-options.png":::
84
+
:::image type="content" source="media/set-up-rbac/permissions-mde-rbac2-write-options.png" alt-text="Screenshot of the Microsfot Defender for Endpoint XDR RBAC (version2) permissions set up page with the specific read and write permissions chosen for site security." lightbox="media/set-up-rbac/permissions-mde-rbac2-write-options.png":::
84
85
85
86
1. Select **Next**.
86
87
1. In **Assigned user groups**, select the user groups from the list to assign to this role.
@@ -92,13 +93,13 @@ Assign RBAC permissions and roles, based on the [summary table](#summary-of-rbac
92
93
93
94
|Write permissions |Read permissions |
94
95
|----|----|
95
-
|**MDE Roles**: Core security settings (manage) under Authorization and Settings and scoped to all device groups. <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator and scoped to all device groups.| Write roles (including roles that are non-scoped to all device groups). <br> **MDE Roles**: Security data basics (under Security Operations).<br>**Entra ID roles**: Global Reader, Security Reader.|
96
+
|**Microsoft Defender for Endpoint roles**: Core security settings (manage) under Authorization and Settings and scoped to all device groups. <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator and scoped to all device groups.| Write roles (including roles that are non-scoped to all device groups). <br> **Microsoft Defender for Endpoint Roles**: Security data basics (under Security Operations).<br>**Entra ID roles**: Global Reader, Security Reader.|
96
97
97
-
**For MDE RBAC (version 2)**:
98
+
**For Microsfot Defender for Endpoint XDR RBAC (version 2)**:
98
99
99
100
|Write permissions |Read permissions |
100
101
|----|----|
101
-
|**MDE roles**: Manage security settings in Security Center and scoped to all device groups.<br>**Entra ID roles**: Global Administrator, Security Administrator.| Write roles (including roles that are non-scoped to all device groups). <br> **MDE roles**: View data - Security operations (read). <br>**Entra ID roles**: Global Reader, Security Reader.|
102
+
|**Microsoft Defender for Endpoint roles**: Manage security settings in Security Center and scoped to all device groups.<br>**Entra ID roles**: Global Administrator, Security Administrator.| Write roles (including roles that are non-scoped to all device groups). <br> **Microsoft Defender for Endpoint roles**: View data - Security operations (read). <br>**Entra ID roles**: Global Reader, Security Reader.|
0 commit comments