diff --git a/defender-office-365/tenant-allow-block-list-files-configure.md b/defender-office-365/tenant-allow-block-list-files-configure.md index 61495435a4..339fc079ab 100644 --- a/defender-office-365/tenant-allow-block-list-files-configure.md +++ b/defender-office-365/tenant-allow-block-list-files-configure.md @@ -54,7 +54,12 @@ This article describes how admins can manage entries for files in the Microsoft - An entry should be active within 5 minutes. - You need to be assigned permissions before you can do the procedures in this article. You have the following options: - - [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Exchange Online permissions** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): **Authorization and settings/Security settings/Detection tuning (manage)** or **Authorization and settings/Security settings/Core security settings (read)**. + - [Microsoft Defender XDR Unified role based access control (RBAC)](/defender-xdr/manage-rbac) (If **Email & collaboration** \> **Defender for Office 365** permissions is :::image type="icon" source="media/scc-toggle-on.png" border="false"::: **Active**. Affects the Defender portal only, not PowerShell): + - *Add and remove entries from the Tenant Allow/Block List*: Membership assigned with the following permissions: + - **Authorization and settings/Security settings/Detection tuning (manage)** + - *Read-only access to the Tenant Allow/Block List*: + - **Authorization and settings/Security settings/Read-only**. + - **Authorization and settings/Security settings/Core Security settings (read)**. - [Exchange Online permissions](/exchange/permissions-exo/permissions-exo): - _Add and remove entries from the Tenant Allow/Block List_: Membership in one of the following role groups: - **Organization Management** or **Security Administrator** (Security admin role).