edit-delete-rbac-roles.md

title: Edit or delete roles Microsoft Defender XDR Unified role-based access control (RBAC)
description: Edit or delete roles in Microsoft Defender XDR Security portal experiences using role-based access control (RBAC)
ms.service: defender-xdr
ms.author: diannegali
author: siosulli
ms.localizationpriority: medium
manager: deniseb
audience: ITPro
ms.collection: m365-security, tier3
ms.custom:
ms.topic: how-to
ms.date: 06/27/2024
ms.reviewer:
search.appverid: met150

Edit, delete and export roles in Microsoft Defender XDR Unified role-based access control (RBAC)

[!INCLUDE Microsoft Defender XDR rebranding]

Applies to:

In Microsoft Defender XDR Unified role-based access control (RBAC), you can edit and delete custom roles or roles that were imported from Defender for Endpoint, Defender for Identity, or Defender for Office 365.

Edit roles

The following steps guide you on how to edit roles in Microsoft Defender XDR Unified RBAC:

Important

You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the Authorization permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see Permission pre-requisites. Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.

  1. Sign in to the Microsoft Defender portal as a Global Administrator or Security Administrator.

  2. In the navigation pane, select Permissions.

  3. Select Roles under Microsoft Defender XDR to get to the Permissions and roles page.

  4. Select the role you want to edit. You can only edit one role at a time.

  5. Selecting the role opens a flyout pane where you can edit it:

    :::image type="content" source="/defender/media/defender/m365-defender-rbac-edit-roles.png" alt-text="Screenshot of the edit roles flyout page" lightbox="/defender/media/defender/m365-defender-rbac-edit-roles.png":::

Note

After editing an imported role, the changes made in Microsoft Defender XDR Unified RBAC will not be reflected back in the individual product RBAC model.

Delete roles

To delete roles in Microsoft Defender XDR Unified RBAC, select the role or roles you want to delete and select Delete roles.

If the workload is active, removing the role deletes all assigned user permissions.

Note

After deleting an imported role, the role won't be deleted from the individual product RBAC model. If needed, you can re-import it to the Microsoft Defender XDR Unified RBAC list of roles.

Export roles

The Export feature enables you to export the following role data:

  • Role name
  • Role description
  • Permissions included in the role
  • The assignment name
  • The assigned data sources
  • The assigned users or user groups

When a role has multiple assignments, each assignment will be represented as a separate row in the CSV file.

The CSV also includes a snapshot of the Defender XDR Unified RBAC activation status for each workload available on the tenant.

The following steps guide you on how to export roles in Microsoft Defender XDR Unified RBAC:

Note

To export roles, you must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have the Authorization (manage) permission assigned for all data sources in Microsoft Defender XDR Unified RBAC and have at least one workload activated for Defender XDR Unified RBAC.

For more information on permissions, see Permission pre-requisites.

  1. Sign in to the Microsoft Defender portal with the required roles or permissions.

  2. In the navigation pane, select Permissions.

  3. Select Roles under Microsoft Defender XDR to get to the Permissions and roles page.

  4. Select the Export button.

    :::image type="content" source="/defender/media/defender/m365-defender-rbac-export-roles.png" alt-text="Screenshot of the export roles page" lightbox="/defender/media/defender/m365-defender-rbac-export-roles.png":::

A CSV file containing all the roles data will be generated and downloaded to the local machine.
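
The following is an added example, not part of the original article or any Microsoft tooling: a Python script that collapses the one-row-per-assignment export into one record per role and lists two access-review findings, namely roles with no assignments and the principals holding a role that grants Authorization (manage). The column headers, the `;` separator inside multi-value cells, the blank assignment columns for an unassigned role, and all sample rows are assumptions or constructed data; the workload activation snapshot is not modelled, so adjust the names to match the real file.

```python
import csv
import io
from collections import defaultdict

SEP = ";"  # assumption: delimiter used inside multi-value cells
SENSITIVE = "Authorization (manage)"  # permission named in the export prerequisites

# Constructed sample export. Header names are assumptions based on the field list.
SAMPLE_CSV = """\
Role name,Role description,Permissions,Assignment name,Data sources,Users or groups
SOC Tier 2,Incident handling,Security operations (read),EMEA analysts,Defender for Endpoint,grp-soc-emea
SOC Tier 2,Incident handling,Security operations (read),US analysts,Defender for Endpoint;Defender for Office 365,grp-soc-us;alice@contoso.example
RBAC admins,Role management,Authorization (manage),Platform team,Defender for Endpoint;Defender for Identity,bob@contoso.example
Legacy import,Imported role,Security operations (read),,,
"""


def cell(value):
    """Split a multi-value cell into a list of trimmed, non-empty items."""
    return [v.strip() for v in (value or "").split(SEP) if v.strip()]


def load_roles(text):
    """Collapse the one-row-per-assignment export into one record per role."""
    roles = defaultdict(lambda: {"permissions": set(), "assignments": []})
    for row in csv.DictReader(io.StringIO(text)):
        role = roles[row["Role name"].strip()]
        role["permissions"].update(cell(row["Permissions"]))
        if (row["Assignment name"] or "").strip():
            role["assignments"].append({
                "name": row["Assignment name"].strip(),
                "sources": cell(row["Data sources"]),
                "principals": cell(row["Users or groups"]),
            })
    return dict(roles)


def review(roles):
    """Return (role, finding, principals) tuples for an access review."""
    findings = []
    for name, role in sorted(roles.items()):
        principals = sorted({p for a in role["assignments"] for p in a["principals"]})
        if not role["assignments"]:
            findings.append((name, "no assignments", []))
        if SENSITIVE in role["permissions"]:
            findings.append((name, "grants " + SENSITIVE, principals))
    return findings


if __name__ == "__main__":
    for finding in review(load_roles(SAMPLE_CSV)):
        print(finding)
```

Roles reported with no assignments are candidates for the delete procedure above, and the principals listed for Authorization (manage) are the accounts to check against the least-privilege recommendation.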

Next steps
