Edit, delete and export roles in Microsoft Defender XDR Unified role-based access control (RBAC)
Applies to:
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
- Microsoft Defender for Identity
- Microsoft Defender for Office 365 P2
- Microsoft Defender Vulnerability Management
- Microsoft Defender for Cloud
- Microsoft Security Exposure Management
In Microsoft Defender XDR Unified role-based access control (RBAC), you can edit and delete custom roles or roles that were imported from Defender for Endpoint, Defender for Identity, or Defender for Office 365.
Edit roles
The following steps guide you on how to edit roles in Microsoft Defender XDR Unified RBAC:
Important
You must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have all the Authorization permissions assigned in Microsoft Defender XDR Unified RBAC to perform this task. For more information on permissions, see Permission pre-requisites. Microsoft recommends that you use roles with the fewest permissions. This helps improve security for your organization. Global Administrator is a highly privileged role that should be limited to emergency scenarios when you can't use an existing role.
Sign in to the Microsoft Defender portal as global administrator or security administrator.
In the navigation pane, select Permissions.
Select Roles under Microsoft Defender XDR to get to the Permissions and roles page.
Select the role you want to edit. You can only edit one role at a time.
Once selected, this opens a flyout pane where you can edit the role:
Note
After editing an imported role, the changes made in Microsoft Defender XDR Unified RBAC will not be reflected back in the individual product RBAC model.
Delete roles
To delete roles in Microsoft Defender XDR Unified RBAC, select the role or roles you want to delete and select Delete roles.
If the workload is active, by removing the role all assigned user permission will be deleted.
Note
After deleting an imported role, the role won't be deleted from the individual product RBAC model. If needed, you can re-import it to the Microsoft Defender XDR Unified RBAC list of roles.
Export roles
The Export feature enables you to export the following roles data:
- Role name
- Role description
- Permissions included in the role
- The assignment name
- The assigned data sources
- The assigned users or user groups
When a role has multiple assignments, each assignment will be represented as a separate row in the CSV file.
The CSV also includes a snapshot of the Defender XDR Unified RBAC activation status for each workload available on the tenant.
The following steps guide you on how to export roles in Microsoft Defender XDR Unified RBAC:
Note
To export roles, you must be a Global Administrator or Security Administrator in Microsoft Entra ID, or have the Authorization (manage) permission assigned for all data sources in Microsoft Defender XDR Unified RBAC and have at least one workload activated for Defender XDR Unified RBAC.
For more information on permissions, see Permission pre-requisites.
Sign in to the Microsoft Defender portal with the required roles or permissions.
In the navigation pane, select Permissions.
Select Roles under Microsoft Defender XDR to get to the Permissions and roles page.
Select the Export button.
A CSV file containing all the roles data will be generated and downloaded to the local machine.
Next steps
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.