Important
Microsoft Defender for Business is now in preview, and will roll out gradually to customers and IT Partners who sign-up here to request it. We will onboard an initial set of customers and partners in the coming weeks and will expand the preview leading up to general availability. Note that preview will launch with an initial set of scenarios, and we will be adding capabilities regularly.
Some information in this article relates to prereleased products/services that might be substantially modified before they are commercially released. Microsoft makes no warranties, express or implied, for the information provided here.
To perform tasks in the Microsoft 365 Defender portal, such as configuring Microsoft Defender for Business (preview), viewing reports, or taking response actions on detected threats, appropriate permissions must be assigned to your security team. Permissions are granted through roles that are assigned in the Microsoft 365 Defender portal (https://security.microsoft.com) or in Azure Active Directory.
What to do
- Learn about roles in Defender for Business (preview).
- View or edit role assignments for your security team.
- Proceed to your next steps.
Roles in Defender for Business
The following table describes the three roles that can be assigned in Defender for Business (preview). Learn more about admin roles.
| Permission level | Description |
|---|---|
| Global administrators (also referred to as global admins)
As a best practice, limit the number of global admins. |
Global admins can perform all kinds of tasks. The person who signed up your company for Microsoft 365 or for Microsoft Defender for Business (preview) is a global administrator by default.
Global admins are able to access/change settings across all Microsoft 365 portals, such as: |
| Security administrators (also referred to as security admins) | Security admins can perform the following tasks: – View and manage security policies and settings – View and manage security threats and alerts (these activities include taking response actions on endpoints) – View security information and reports |
| Security reader | Security readers can perform the following tasks: – View security policies and settings – View security threats and alerts – View security information and reports |
View or edit role assignments
- Go to the Microsoft 365 Defender portal (https://security.microsoft.com) and sign in.
- In the navigation pane, choose Permissions & roles, and then under Azure AD, select Roles.
- Select one of the following roles to open its side pane:
- Global administrator
- Security administrator
- Security reader
Important
Microsoft recommends granting people access to only what they need to perform their tasks. We call this concept least privilege for permissions. To learn more, see Best practices for least-privileged access for applications.
- In the side pane, select the Manage members in Azure AD link. This action takes you to Azure Active Directory (Azure AD) where you can view and manage your role assignments.
- Select a user to open their profile, and then choose Assigned roles.
- To add a role, choose + Add assignments.
- To remove a role, choose X Remove assignments.