Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
213 questions
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
What are the correct roles or permissions to let a user read and edit the email threat policies in Microsoft defender portal?
From what I can find it would be Security Administrator. Is there a way to lower this role so it is not as privileged, if no other built-in roles exist for it?
Defender supports granular RBAC permissions, so you can just use that instead of the Entra roles. You can even create custom roles with just the permissions you need, read here: https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles