From d7044d4a728f10db5cda0225508eb23a9f4aa6fe Mon Sep 17 00:00:00 2001
From: Ben Jenkins <140325164+Yebbenbe@users.noreply.github.com>
Date: Fri, 25 Apr 2025 11:26:40 -0300
Subject: [PATCH 1/2] Update threat-explorer-real-time-detections-about.md with
 current role requirements

Updated the Entra Global Admin permissions. GA does not seem to be enough for Email Previews anymore, you need the Preview role.
---
 .../threat-explorer-real-time-detections-about.md              | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/defender-office-365/threat-explorer-real-time-detections-about.md b/defender-office-365/threat-explorer-real-time-detections-about.md
index 520d55f148..bbee68406c 100644
--- a/defender-office-365/threat-explorer-real-time-detections-about.md
+++ b/defender-office-365/threat-explorer-real-time-detections-about.md
@@ -70,7 +70,8 @@ To use Explorer or Real-time detections, you need to be assigned permissions. Yo
     - _Move messages in and delete messages from mailboxes_: Requires the **Search and Purge** role, which is assigned only to the **Data Investigator** or **Organization Management** role groups by default. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group.
   - _Read-only access_: Membership in the **Security Reader** role group.
 - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365:
-  - _Full access_: Membership in the **Global Administrator**<sup>\*</sup> or **Security Administrator** roles.
+  - _Full access_: Membership in the **Global Administrator**<sup>\*</sup> or **Security Administrator** roles.  More permissions are required to do all available actions:
+    - _Preview and download messages_: Requires the **Preview** role, which is assigned only to the **Data Investigator** or **eDiscovery Manager** role groups by default.
   - _Search for Exchange mail flow rules (transport rules) by name in Threat Explorer_: Membership in the **Security Administrator** or **Security Reader** roles.
   - _Read-only access_: Membership in the **Global Reader** or **Security Reader** roles.
 

From 9abf8703da9eef4c1f4e8e986125301afab929b0 Mon Sep 17 00:00:00 2001
From: Chris Davis <chris.davis@microsoft.com>
Date: Fri, 25 Apr 2025 08:28:35 -0700
Subject: [PATCH 2/2] Update threat-explorer-real-time-detections-about.md

---
 .../threat-explorer-real-time-detections-about.md             | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defender-office-365/threat-explorer-real-time-detections-about.md b/defender-office-365/threat-explorer-real-time-detections-about.md
index bbee68406c..b65d972831 100644
--- a/defender-office-365/threat-explorer-real-time-detections-about.md
+++ b/defender-office-365/threat-explorer-real-time-detections-about.md
@@ -7,7 +7,7 @@ author: chrisda
 manager: deniseb
 audience: ITPro
 ms.topic: conceptual
-ms.date: 02/18/2025
+ms.date: 04/25/2025
 ms.localizationpriority: medium
 ms.collection:
   - m365-security
@@ -70,7 +70,7 @@ To use Explorer or Real-time detections, you need to be assigned permissions. Yo
     - _Move messages in and delete messages from mailboxes_: Requires the **Search and Purge** role, which is assigned only to the **Data Investigator** or **Organization Management** role groups by default. Or, you can [create a new role group](mdo-portal-permissions.md#create-email--collaboration-role-groups-in-the-microsoft-defender-portal) with the **Search and Purge** role assigned, and add the users to the custom role group.
   - _Read-only access_: Membership in the **Security Reader** role group.
 - [Microsoft Entra permissions](/entra/identity/role-based-access-control/manage-roles-portal): Membership these roles gives users the required permissions _and_ permissions for other features in Microsoft 365:
-  - _Full access_: Membership in the **Global Administrator**<sup>\*</sup> or **Security Administrator** roles.  More permissions are required to do all available actions:
+  - _Full access_: Membership in the **Global Administrator**<sup>\*</sup> or **Security Administrator** roles. More permissions are required to do all available actions:
     - _Preview and download messages_: Requires the **Preview** role, which is assigned only to the **Data Investigator** or **eDiscovery Manager** role groups by default.
   - _Search for Exchange mail flow rules (transport rules) by name in Threat Explorer_: Membership in the **Security Administrator** or **Security Reader** roles.
   - _Read-only access_: Membership in the **Global Reader** or **Security Reader** roles.