assign-portal-access.md

title: Assign user access
description: Assign read and write or read only access to the Microsoft Defender for Endpoint portal.
search.appverid: met150
ms.service: defender-endpoint
ms.subservice: onboard
ms.author: siosulli
author: siosulli
ms.localizationpriority: medium
manager: deniseb
audience: ITPro
ms.collection: m365-security, tier2
ms.topic: conceptual
ms.date: 06/25/2024

Assign user access

[!INCLUDE Microsoft Defender XDR rebranding]

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

Defender for Endpoint supports two ways to manage permissions:

Change from basic permissions to RBAC

If you have already assigned basic permissions, you can switch to RBAC anytime. Consider the following before making the switch:

  • Users who have full access (users who are assigned the Global Administrator or Security Administrator directory role in Microsoft Entra ID) are automatically assigned the default Defender for Endpoint administrator role, which also has full access.
  • Other Microsoft Entra user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC.
  • Only users who are assigned the Defender for Endpoint administrator role can manage permissions using RBAC.
  • Users who have read-only access (Security Readers) lose access to the portal until they are assigned a role. Only Microsoft Entra user groups can be assigned a role under RBAC.
  • After switching to RBAC, you can't switch back to using basic permissions management.
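Because the switch can't be reversed and Security Readers lose access until a group-based role is assigned, it helps to inventory the affected directory roles first. The script below is an added example, not part of the original article or Microsoft's own tooling; it assumes the Microsoft Graph PowerShell module is installed and that the signed-in account can consent to the listed read scopes.

```powershell
# Added example: pre-switch inventory of the Microsoft Entra directory roles
# that basic permissions rely on. Read-only; it changes nothing in the tenant.
# Assumption: the scopes below are sufficient to read role members in your tenant.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'Directory.Read.All'

# What the article says happens to each role's members after switching to RBAC.
$impact = @{
    'Global Administrator'   = 'Keeps full access (default Defender for Endpoint administrator role)'
    'Security Administrator' = 'Keeps full access (default Defender for Endpoint administrator role)'
    'Security Reader'        = 'LOSES portal access until assigned a role through a Microsoft Entra group'
}

# Get-MgDirectoryRole lists only roles that are activated in the tenant;
# a role that is missing here has no active members to report.
$roles = Get-MgDirectoryRole | Where-Object { $impact.ContainsKey($_.DisplayName) }

$report = foreach ($role in $roles) {
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        $props = $member.AdditionalProperties
        [pscustomobject]@{
            Role        = $role.DisplayName
            MemberType  = $props['@odata.type'] -replace '^#microsoft\.graph\.', ''
            DisplayName = $props['displayName']
            UPN         = $props['userPrincipalName']
            ObjectId    = $member.Id
            AfterSwitch = $impact[$role.DisplayName]
        }
    }
}

$report | Sort-Object Role, DisplayName | Format-Table Role, MemberType, DisplayName, UPN -AutoSize

# Principals whose only path into the portal is Security Reader: these need
# membership in a Microsoft Entra group that is assigned a role under RBAC.
$fullAccessIds = ($report | Where-Object { $_.Role -ne 'Security Reader' }).ObjectId
$needsGroup = $report | Where-Object {
    $_.Role -eq 'Security Reader' -and $_.ObjectId -notin $fullAccessIds
}

Write-Host "Principals that lose access at the switch: $(@($needsGroup).Count)"
$needsGroup | Format-Table DisplayName, UPN, MemberType -AutoSize

# Least-privilege check: a long Global Administrator list is worth trimming
# before those accounts inherit the Defender for Endpoint administrator role.
$gaCount = @($report | Where-Object { $_.Role -eq 'Global Administrator' }).Count
Write-Host "Global Administrator members: $gaCount"
```

The listing covers active role members only; eligible (not yet activated) assignments made through Privileged Identity Management are not returned by this query.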

Important

Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

Related articles

[!INCLUDE Microsoft Defender for Endpoint Tech Community]