You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/describe-identity-protection-governance-capabilities/includes/3-describe-what-entitlement-management-access-reviews.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,7 +4,7 @@ Microsoft Entra ID enables you to collaborate with users from inside your organi
4
4
5
5
There are many use cases in which access reviews should be used. Here are just a few examples.
6
6
7
-
-**Too many users in privileged roles**: It's a good idea to check how many users have administrative access and if there are any invited guests or partners that haven't been removed after being assigned to do an administrative task. You can recertify the role assignment of users in Microsoft Entra roles such as Global Administrators, or Azure resources roles such as User Access Administrator in the Microsoft Entra Privileged Identity Management (PIM) experience.
7
+
-**Too many users in privileged roles**: It's a good idea to check how many users have administrative access and if there are any invited guests or partners that haven't been removed after being assigned to do an administrative task. You can recertify the role assignment of users in Microsoft Entra roles or Azure resources roles in the Microsoft Entra Privileged Identity Management (PIM) experience.
8
8
-**Business critical data access**: For certain resources, such as business critical applications, it might be required as part of compliance processes to ask people to regularly reconfirm and give a justification on why they need continued access.
9
9
-**To maintain a policy's exception list**: Sometimes there are business cases that require you to make exceptions to policies. As the IT admin, you can manage this task and provide auditors with proof that these exceptions are reviewed regularly.
10
10
-**Ask group owners to confirm they still need guests in their groups**: If a group gives guests access to business sensitive content, then it's the group owner's responsibility to confirm the guests still have a legitimate business need for access.
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/describe-threat-protection-with-microsoft-365-defender/includes/7-describe-microsoft-defender-portal.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -3,7 +3,7 @@ A unified security operations platform is a fully integrated toolset for securit
3
3
4
4
Through the Microsoft Defender portal, Microsoft delivers on the promise of a unified security operations platform so you can view the security health of your organization. The Microsoft Defender portal combines protection, detection, investigation, and response to threats across your entire organization and all its components, in a central place.
5
5
6
-
To access the portal, You must be assigned an appropriate role, such as Global Administrator, Security Administrator, Security Operator, or Security Reader in Microsoft Entra ID to access the Microsoft Defender portal.
6
+
To access the portal, you must be assigned an appropriate role such as Global Reader or Administrator, Security Reader or Administrator, or Security Operator in Microsoft Entra ID to access the Microsoft Defender portal.
7
7
8
8
The Defender portal emphasizes quick access to information, simpler layouts, and bringing related information together for easier use.
Copy file name to clipboardExpand all lines: learn-pr/wwl-sci/security-copilot-getting-started/includes/6-describe-how-to-enable-security-copilot.md
+3-6Lines changed: 3 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,7 +14,7 @@ Before users can start using Copilot, admins need to provision and allocate capa
14
14
- You must have an Azure subscription.
15
15
- You need to be an Azure owner or Azure contributor, at a resource group level, as a minimum.
16
16
17
-
*Keep in mind that a global administrator in Microsoft Entra ID doesn't necessarily have the Azure owner or Azure contributor role by default. Microsoft Entra role assignments don't grant access to Azure resources. As a global admin in Microsoft Entra, you can enable access management for Azure resources through the Azure portal. For details, see [Elevate access to manage all Azure subscriptions and management groups](/azure/role-based-access-control/elevate-access-global-admin). Once you've enabled access management to Azure resources, you can configure the appropriate Azure role.*
17
+
*Keep in mind that a global Microsoft Entra administrator role doesn't necessarily have the Azure owner or Azure contributor role by default. Microsoft Entra role assignments don't grant access to Azure resources. As a global Microsoft Entra administrator, you can enable access management for Azure resources through the Azure portal. For details, see [Elevate access to manage all Azure subscriptions and management groups](/azure/role-based-access-control/elevate-access-global-admin). Once you've enabled access management to Azure resources, you can configure the appropriate Azure role.*
18
18
19
19
There are two options for provisioning capacity:
20
20
@@ -40,10 +40,7 @@ Once admins complete the steps to onboard to Copilot, they can manage capacity b
40
40
41
41
### Set up the default environment
42
42
43
-
To set up the default environment, you need to have one of the following Microsoft Entra ID roles:
44
-
45
-
- Global administrator
46
-
- Security administrator
43
+
To set up the default environment, you need to have, at least, a Security Administrator role.
47
44
48
45
During the setup of Security Copilot, you're prompted to configure settings. These include:
49
46
@@ -70,7 +67,7 @@ During the setup of Security Copilot, you're prompted to configure settings. The
70
67
- Plugin settings - The admin manages plugins and configures whether to allow Security Copilot to access data from your Microsoft 365 services.
71
68
- Configure who can add and manage their own custom plugins and who can add and manage custom plugins for everyone in the organization.
72
69
- Manage plugin availability and restrict access. When enabled, admins decide which new and existing plugins will be available to everyone in your organization, and which will be restricted to owners only.
73
-
- Allow Security Copilot to access data from your Microsoft 365 services. If this option is turned off, your organization won't be able to use plugins that access Microsoft 365 services. Currently, this option is required for use of the Microsoft Purview plugin. Setting and/or changing this setting requires a user with a Global administrator role.
70
+
- Allow Security Copilot to access data from your Microsoft 365 services. If this option is turned off, your organization won't be able to use plugins that access Microsoft 365 services. Currently, this option is required for use of the Microsoft Purview plugin. Setting and/or changing this setting requires a user with a Copilot owner role or a global Microsoft Entra administrator role.
74
71
75
72
:::image type="content" source="../media/plugin-settings-no-restrictions.png" lightbox="../media/plugin-settings-no-restrictions.png" alt-text="Screen capture showing the plugin settings and the setting to allow Security Copilot to access data from your Microsoft 365 services.":::
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments