Permissions and roles

Son man 20 Reputation points
2024-10-08T20:56:48.71+00:00

For a user, I need the role and permissions so I can read, edit, and create email threat policies for spam and phishing.

Are the only roles for this higher-privileged ones? Is there a way to adjust those permissions to lower reach?


1 answer

  1. Xintao Qiao-MSFT 4,235 Reputation points Microsoft Vendor
    2024-10-09T02:46:55.1566667+00:00

    Hi, @Son man

    From your description, I understand that you need more granular management of roles and permissions. I'm just offering a few suggestions from an Exchange Online perspective.

    The roles and permissions to manage spam and phishing email threat policies include:

    Global admin: The global admin has the highest privileges to manage all settings and features in your organisation, including the configuration and management of spam and phishing policies.

    Security Administrator: The Security Administrator role focuses on security-related tasks, including managing email threat policies, viewing and editing security reports, and more.

    Compliance administrators: Compliance administrators can manage compliance-related settings and policies, including email retention policies and data loss prevention (DLP) policies.

    Exchange Administrators: Exchange administrators can manage all settings in Exchange Online, including mail flow rules, spam filtering, and phishing prevention policies.

    You can assign the above permissions and roles to users as needed.

    These higher-privileged roles aren't the only ones, and in order to adjust permissions to a lower scope, you can create custom roles with specific permissions to suit your needs. This can help restrict access to only necessary features without granting full administrative privileges. Similarly, you can assign a Global Reader or a Security Reader to allow other users to view the policy without any modifications.

    For more information on how to create a custom role in Exchange Online, you can check out this article: Manage role groups in Exchange Online | Microsoft Learn


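One way to scope the custom role group suggested in the answer above, as an added example that is not part of the original answer or Microsoft's documentation: it looks up at run time which management roles grant the anti-spam and anti-phishing policy cmdlets instead of hard-coding a role name. The role group name and member address are placeholders, and ranking roles by their number of role entries is only a rough heuristic for "narrowest".

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed and the
# signed-in admin is allowed to manage role groups.
Connect-ExchangeOnline

# Cmdlets behind "read, edit, create" for anti-spam and anti-phishing policies.
$needed = @(
    'Get-HostedContentFilterPolicy', 'Set-HostedContentFilterPolicy', 'New-HostedContentFilterPolicy',
    'Get-AntiPhishPolicy', 'Set-AntiPhishPolicy', 'New-AntiPhishPolicy'
)

# Map every needed cmdlet to the management roles that grant it.
$coverage = foreach ($cmdlet in $needed) {
    Get-ManagementRole -Cmdlet $cmdlet | ForEach-Object {
        [pscustomobject]@{ Cmdlet = $cmdlet; Role = $_.Name }
    }
}

# Keep only roles that grant all of them, narrowest (fewest role entries) first.
$ranked = $coverage | Group-Object Role |
    Where-Object { $_.Count -eq $needed.Count } |
    ForEach-Object {
        [pscustomobject]@{
            Role    = $_.Name
            Entries = @(Get-ManagementRoleEntry "$($_.Name)\*").Count
        }
    } | Sort-Object Entries

if (-not $ranked) {
    # No single role covers everything: show the per-cmdlet coverage and stop.
    Write-Warning 'No single role grants every cmdlet; review the coverage below.'
    $coverage | Sort-Object Cmdlet, Role | Format-Table -AutoSize
    return
}
$ranked | Format-Table -AutoSize

# Placeholder group name and member. -WhatIf previews the change without
# creating anything; remove it once the chosen role has been reviewed.
$role = @($ranked)[0].Role
New-RoleGroup -Name 'Threat Policy Editors (example)' `
    -Roles $role `
    -Members 'analyst@contoso.example' `
    -Description 'Read, edit and create anti-spam and anti-phishing policies only' `
    -WhatIf
```

Before removing `-WhatIf`, run `Get-ManagementRoleEntry "<role>\*"` on the selected role to see every other cmdlet it grants, since the narrowest built-in role may still cover more than these six.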

