Update scc-permissions.md

chrisda · chrisda · commit d1f34e6c38bb · 2025-08-01T09:49:24.000-07:00
Cmdlet link improvements
diff --git a/defender-office-365/scc-permissions.md b/defender-office-365/scc-permissions.md
@@ -109,7 +109,7 @@ Managing permissions in Defender for Office 365 or Microsoft Purview gives users
 |**IRM Contributors**|This role group is visible, but is used by background services only.|Insider Risk Management Permanent contribution <br/><br/> Insider Risk Management Temporary contribution|
 |**Knowledge Administrators**|Configure knowledge, learning, assign trainings and other intelligent features.|Knowledge Admin|
 |**MailFlow Administrator**|Members can monitor and view mail flow insights and reports in the Defender portal. Global admins can add ordinary users to this group, but, if the user isn't a member of the Exchange Admin group, the user doesn't have access to Exchange admin-related tasks.|Exchange Administrator <br/><br/> View-Only Recipients|
-|**Organization Management**¹|Members can control permissions for accessing features in these portals, and also manage settings for device management, data loss prevention, reports, and preservation. <br/><br/> Users who aren't global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). <br/><br/> Global admins are automatically added as members of this role group, but you don't see them in the output of the [Get-RoleGroupMember](/powershell/module/exchange/get-rolegroupmember) cmdlet in [Security & Compliance PowerShell](/powershell/module/exchange/get-rolegroupmember). <br/><br/> **Important**: Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.|Admin Unit Extension Manager <br/><br/> Audit Logs <br/><br/> Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administration <br/><br/> Compliance Search <br/><br/> Data Connector Admin <br/><br/> Device Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Insider Risk Management Admin <br/><br/> License Usage Reader <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> Priority Cleanup Admin <br/><br/> Priority Cleanup Viewer <br/><br/> Quarantine <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Role Management <br/><br/> Scope Manager <br/><br/> Search And Purge <br/><br/> Security Administrator <br/><br/> Security Reader <br/><br/> Sensitivity Label Administrator <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> Tag Contributor <br/><br/> Tag Manager <br/><br/> Tag Reader <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
+|**Organization Management**¹|Members can control permissions for accessing features in these portals, and also manage settings for device management, data loss prevention, reports, and preservation. <br/><br/> Users who aren't global administrators must be Exchange administrators to see and take action on devices that are managed by Basic Mobility and Security for Microsoft 365 (formerly known as Mobile Device Management or MDM). <br/><br/> Global admins are automatically added as members of this role group, but you don't see them in the output of the [Get-RoleGroupMember](/powershell/module/exchangepowershell/get-rolegroupmember) cmdlet in [Security & Compliance PowerShell](/powershell/module/exchangepowershell/get-rolegroupmember). <br/><br/> **Important**: Microsoft recommends that you use roles with the fewest permissions. Using lower permissioned accounts helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.|Admin Unit Extension Manager <br/><br/> Audit Logs <br/><br/> Case Management <br/><br/> Communication Compliance Admin <br/><br/> Communication Compliance Case Management <br/><br/> Compliance Administrator <br/><br/> Compliance Manager Administration <br/><br/> Compliance Search <br/><br/> Data Connector Admin <br/><br/> Device Management <br/><br/> DLP Compliance Management <br/><br/> Hold <br/><br/> IB Compliance Management <br/><br/> Insider Risk Management Admin <br/><br/> License Usage Reader <br/><br/> Manage Alerts <br/><br/> Organization Configuration <br/><br/> Priority Cleanup Admin <br/><br/> Priority Cleanup Viewer <br/><br/> Quarantine <br/><br/> RecordManagement <br/><br/> Retention Management <br/><br/> Role Management <br/><br/> Scope Manager <br/><br/> Search And Purge <br/><br/> Security Administrator <br/><br/> Security Reader <br/><br/> Sensitivity Label Administrator <br/><br/> Sensitivity Label Reader <br/><br/> Service Assurance View <br/><br/> Tag Contributor <br/><br/> Tag Manager <br/><br/> Tag Reader <br/><br/> View-Only Audit Logs <br/><br/> View-Only Case <br/><br/> View-Only Device Management <br/><br/> View-Only DLP Compliance Management <br/><br/> View-Only IB Compliance Management <br/><br/> View-Only Manage Alerts <br/><br/> View-Only Recipients <br/><br/> View-Only Record Management <br/><br/> View-Only Retention Management|
 |**Privacy Management**|Manage access control for Privacy Management solution in the Microsoft Purview portal.|Case Management <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Classification Content Viewer <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Insights Reader <br/><br/> Privacy Management Admin <br/><br/> Privacy Management Analysis <br/><br/> Privacy Management Investigation <br/><br/> Privacy Management Permanent contribution <br/><br/> Privacy Management Temporary contribution <br/><br/> Privacy Management Viewer <br/><br/> Source Reader <br/><br/> Subject Rights Request Admin <br/><br/> View-Only Case|
 |**Privacy Management Administrators**|Administrators of privacy management solution that can create/edit policies and define global settings.|Case Management <br/><br/> Compliance Manager Contribution <br/><br/> Compliance Manager Reader <br/><br/> Data Map Reader <br/><br/> Insights Reader <br/><br/> Privacy Management Admin <br/><br/> Source Reader <br/><br/> View-Only Case|
 |**Privacy Management Analysts**|Analysts of privacy management solution that can investigate policy matches, view messages meta data, and take remediation actions.|Case Management <br/><br/> Compliance Manager Reader <br/><br/> Data Classification List Viewer <br/><br/> Data Map Reader <br/><br/> Insights Reader <br/><br/> Privacy Management Analysis <br/><br/> View-Only Case|
