Create Custom Roles in Microsoft 365 Defender Portal

Hola. I’m back with another topic: Create Custom Roles in Microsoft 365 Defender Portal. In this article, let’s learn what custom roles are available and how to create a custom role in the M365 Defender portal. It will be an interesting topic to discuss. Our previous article discussed how to simulate a phishing email attack to educate users.

Organizations always want to provide limited access to their admins so that there will be fewer human errors in the production environment. Microsoft understands this requirement and provides organizations with both built-in admin roles and custom roles. Creating custom roles within Microsoft 365 Defender will give you powerful abilities and granular control for the roles you are going to.

With custom roles, we can provide granular control when granting users access to the Defender portal. We can assign read-only access or provide limited access to the portal, and we can assign roles based on the actions each user needs to perform in the M365 Defender portal.

Available Permission Groups for Creating Custom Roles in Microsoft 365 Defender Portal

M365 Defender allows you to import your Legacy roles if you have any, or else you can create a custom role directly. While creating custom roles, Defender allows us to choose permissions across three Permission groups. The permission groups are as follows.

| Permission Group | Permissions |
| --- | --- |
| Security Operations | Manages day-to-day operations and responds to incidents and advisories in the Defender portal |
| Security Posture | This group of permissions contains security recommendations and tracks remediation tasks, exceptions, and vulnerability permissions |
| Authorization and Settings | These permission groups can be used to configure your security and system settings and create and assign roles |

Create Custom Roles in the M365 Defender Portal Table 1

We can create a custom role with combinations of all three permission groups or by using a single permission group. Based on organizational requirements, create a custom role and assign the role to the users who perform day-to-day activity on the Defender Portal.

Create Custom Roles in the Microsoft 365 Defender Portal

So, we have discussed the custom roles that can be created in the M365 Defender Portal. Now, let’s see how to create a custom role by following the below steps.

  • Log in to the M365 Defender portal with an admin account that has the necessary permissions.
  • Scroll to the bottom and look for the Permissions tab on the menu bar on the left-hand side of the portal.
Create Custom Roles in Microsoft 365 Defender Portal Fig.1

If you are using the Permissions tab for the first time, you will get a message asking you to wait while Microsoft prepares new spaces for your data and connects them. This message is shown only once, and the preparation might take 5-10 minutes.

Create Custom Roles in Microsoft 365 Defender Portal Fig.2

Under the Permissions tab, we can see multiple options: Microsoft 365 Defender, Azure AD, Endpoint Roles and Groups, and Cloud apps. We can view and configure custom roles for each category. As we are focusing on Defender roles, click on Microsoft 365 Defender at the top. This shows some information about the permission model and its more granular control. Click on Roles.

Create Custom Roles in Microsoft 365 Defender Portal Fig.3

Now, on the Permissions and Roles page, we have the option to create a custom role. As we don’t have any custom role created yet, we are shown a blank page with the option to create a custom role in the middle of the page. Click on Create Custom Role.

Create Custom Roles in the M365 Defender Portal Fig: 4

Now, on the Set Up the Basics page, provide a name and description for the role. I’m choosing Security Analyst as the Name for our testing and clicking Next.

Create Custom Roles in the M365 Defender Portal Fig: 5

On the Choose Permissions page, we see the three permission groups discussed above. We can choose permissions from all three permission groups or from a single permission group. Let’s see the different types of permissions available in each group.

Create Custom Roles in the M365 Defender Portal Fig: 6

Security operations: This permission group contains all operation-related permissions. We can provide access to read and manage the actions shown in the screenshot below.

Create Custom Roles in the M365 Defender Portal Fig: 7

Security posture: This permission group has permissions related to security remediations, vulnerability management, security baseline assessment, application handling, etc., as shown in the screenshot below.

Create Custom Roles in the M365 Defender Portal Fig: 8

Authorization and settings: This set of permissions covers security settings such as detection tuning, core security settings and system settings, as shown below.

Create Custom Roles in the M365 Defender Portal Fig: 9

When you click on any permission group, you get three options to select from. All read-only permissions provides read-only access to the permission group. All read and manage permissions provides both read and manage permissions. Select custom permissions provides granular control over the individual permissions.

When Select Custom Permissions is selected, the admin can pick individual permissions in each category. This provides granular control over the access of the users who will be part of these custom roles. Select the required permissions and click on Apply.

Create Custom Roles in the M365 Defender Portal Fig: 10

Now you can see that the Permission selected column is set to YES for that permission group. If you want to enable other permission groups, select the group and select the permissions. Then click Next to navigate to the Assignment page.

Create Custom Roles in the M365 Defender Portal Fig: 11

Now, on the Assignment page, we can assign the role to either users or groups. Click on Add Assignment, provide the assignment name, and select the data sources to which the custom role will have access. We can choose all data sources or select a few.

Create Custom Roles in the M365 Defender Portal Fig: 12

The data sources are Microsoft Defender for Endpoint & Defender Vulnerability Management, Microsoft Defender for Office 365, and Microsoft Defender for Identity. Once the required data source is provided, add users or group names in Assignment Users and Groups and click Apply.

Create Custom Roles in the M365 Defender Portal Fig: 13

We can have multiple assignments, each with different data sources. After creating the required assignments, click Next to go to the Review and Finish screen. Review all the permissions and click Submit to create the custom role.

Create Custom Roles in the M365 Defender Portal Fig: 14

After submitting, the role will be created and shown on the Permissions and Roles screen. You can edit the permissions whenever you want, as per your requirements. The overview of the role shows the data sources selected and the number of users and groups assigned.

Create Custom Roles in the M365 Defender Portal Fig: 15
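
One way to sanity-check a role design before entering it in the wizard, as an added example that is not part of the original article and calls no Microsoft API. The dictionary layout, the rule set, and the sample roles and group names are assumptions made for illustration; the permission group and data source names are the ones listed above.

```python
# Added example, not Microsoft's API: the dict layout and the rules are assumptions
# for this sketch; group and data-source names are the ones the article lists.
GROUPS = ("Security operations", "Security posture", "Authorization and settings")
DATA_SOURCES = (
    "Microsoft Defender for Endpoint & Defender Vulnerability Management",
    "Microsoft Defender for Office 365",
    "Microsoft Defender for Identity",
)
LEVELS = ("read", "read_manage", "custom")  # the three choices offered per group

def review_role(role):
    """Return least-privilege findings for one planned role definition."""
    findings = []
    perms = role.get("permissions", {})
    for group, level in perms.items():
        if group not in GROUPS or level not in LEVELS:
            findings.append(f"unrecognised selection: {group} = {level}")
    # Authorization and settings includes creating and assigning roles, so
    # manage access there lets a holder change who has access, themselves included.
    if perms.get("Authorization and settings") == "read_manage":
        findings.append("Authorization and settings: manage access allows role changes")
    if all(perms.get(g) == "read_manage" for g in GROUPS):
        findings.append("read and manage on all three groups: role is not limited")
    assignments = role.get("assignments", [])
    if not assignments:
        findings.append("no assignment: nobody receives the role")
    for a in assignments:
        if set(a.get("data_sources", [])) >= set(DATA_SOURCES):
            findings.append(f"{a['name']}: covers every data source")
        if not a.get("members"):
            findings.append(f"{a['name']}: no users or groups assigned")
    return findings

# Constructed sample: read-only analyst role scoped to one data source.
ANALYST = {
    "name": "Security Analyst",
    "permissions": {"Security operations": "read"},
    "assignments": [{"name": "SOC tier 1", "data_sources": [DATA_SOURCES[1]],
                     "members": ["grp-soc-tier1"]}],
}
# Constructed sample: an over-broad design that should be sent back for rework.
BROAD = {
    "name": "Everything",
    "permissions": {g: "read_manage" for g in GROUPS},
    "assignments": [{"name": "All", "data_sources": list(DATA_SOURCES), "members": []}],
}
if __name__ == "__main__":
    for r in (ANALYST, BROAD):
        print(r["name"], review_role(r) or "no findings")
```
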

Conclusion

So, having custom roles in the M365 Defender portal is always a better way of managing user access. I hope this article helps you create and manage custom roles in the M365 Defender portal in your environment. Let’s meet in another blog post. Till then, happy learning.

Author

About Author – Narendra Kumar Malepati (Naren) has 11+ years of experience in IT, working on different MDM tools. Over the last seven years, Naren has been working on various features of Intune, including migration from different MDMs to Intune. Naren mainly focuses on Android, iOS, and MacOS.
