New Microsoft 365 Defender RBAC (Preview)

Andres Bohren

2023-02-08

Hi All,

I’ve stumbled accross the new Microsoft 365 Defender Role-based access control (RBAC). It is still in Preview but i gave it a go.For now you can create the RBAC Roles only in the M365 Defender Portal. But Graph Integration is at least on the Roadmap.

Let’s have a look. You can find it under the Microsoft 365 Defender Portal

Let’s create a custom role

Give it a Name and some Discription if you like

Select one of the Categories

Select the Permissions you need or want

Add an assignment

Give it a name and select the Identities

The summary page

Sucessfully created the RBAC Role

That’s how it looks like in the Portal

I guess because of the “Security data basics (read)” Permissions i could access a lot of Information.

For just Microsoft 365 Defender for Office 365 / Exchang Online Protection Quarantine it’s better to use the “Email and Collaboration Roles”

And assign just the Quarantine Permission

That’s much better if you just want someone to manage the Quarantine

Regards
Andres Bohren

Works as a Microsoft Cloud Engineer/Architect for midsize to large Enterprises. He has a special focus on M365 including Identity, Messaging, Communication, Security and PowerShell but also Azure Technologies. He is Co-Organisator of the <Microsoft 365 Community Schweiz> Meetup group and was Speaker at several other Meetups.