defender-xdr/custom-roles.md
Lines changed: 3 additions & 4 deletions
@@ -47,9 +47,9 @@ Each Microsoft Defender service has its own custom role management settings, wit
47
47
1. In the navigation pane, select **Permissions**.
48
48
1. Select the **Roles** link for the service where you want to create a custom role. For example, for Defender for Endpoint:
49
49
50
-
:::image type="content" source="media/custom-roles/custom-roles-endpoint.jpeg" alt-text="Screenshot of a Roles link for Defender for Endpoint.":::
50
+
:::image type="content" source="./media/custom-roles/custom-roles-endpoint.png" alt-text="Screenshot of a Roles link for Defender for Endpoint.":::
51
51
52
-
## Reference to service-specific content
52
+
## Required roles for Defender XDR services
53
53
54
54
Custom role names aren't connected to global roles in Microsoft Entra ID, even if similarly named. For example, a custom role named *Security Admin* in Microsoft Defender for Endpoint isn't connected to the global *Security Admin* role in Microsoft Entra ID.
55
55
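Review bot: The heading rename to `## Required roles for Defender XDR services` changes the section's generated anchor, so any link that targets the old `Reference to service-specific content` heading will stop resolving; search for inbound links and update them in the same change. The first paragraph under the new heading is about custom role names not being connected to Microsoft Entra ID global roles, so confirm the new title still matches how the section opens. On the image line, the source moves from `media/custom-roles/custom-roles-endpoint.jpeg` to `./media/custom-roles/custom-roles-endpoint.png`, and this diff shows only the Markdown change; confirm the `.png` file exists at that path so the screenshot does not render as a broken image.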
@@ -62,8 +62,7 @@ For Defender for Endpoint and Defender for Office, use custom roles as follows:
62
62
|**Manage alerts and incidents**| Alert investigation |One of the following: <ul><li>Manage alerts<li>Security admin|
63
63
|**Action center remediation**| Active remediation actions – security operations | Search and purge |
64
64
|**Set custom detections**| Manage security settings | One of the following: <ul><li>Manage alerts<li>Security admin|
65
-
|**Threat analytics** | For alert and incidents data: View data- security operations <br><br>For vulnerability management mitigations: View data - Threat and vulnerability management | For alerts and incidents data, one of the following: <ul><li>View-only Manage alerts<li>Manage alerts<li>Organization configuration<li>Audit logs<li>View-only audit logs<li>Security reader<li>Security admin<li>View-only recipients
66
-
<br>For prevented email attempts, one of the following:<ul><li>Security reader<li>Security admin<li>View-only recipients |
65
+
|**Threat analytics**| For alert and incidents data: View data- security operations <br><br>For vulnerability management mitigations: View data - Threat and vulnerability management | For alerts and incidents data, one of the following: <ul><li>View-only Manage alerts<li>Manage alerts<li>Organization configuration<li>Audit logs<li>View-only audit logs<li>Security reader<li>Security admin<li>View-only recipients<br>For prevented email attempts, one of the following:<ul><li>Security reader<li>Security admin<li>View-only recipients |
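Review bot: In the merged **Threat analytics** row, the first `<ul>` is still open when `<br>For prevented email attempts, one of the following:<ul>` starts, so the second list nests inside the last `<li>View-only recipients` item instead of rendering as a separate group. Because readers use this cell to decide which roles grant access to which data, close the first list with `</ul>` before the `<br>` and close the second one before the trailing `|`, so the two role sets are clearly separated. While touching this row, the second column has `View data- security operations` next to `View data - Threat and vulnerability management`, and "alert and incidents data" next to "alerts and incidents data"; make the spacing and wording consistent.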