Ilias el Kasmi

0 %
avatar
Ilias el Kasmi
Cyber Security Engineer
Windows Security Specialist
  • Residence:
    Netherlands
  • City:
    Amsterdam
  • Age:
    27
Languages
Dutch
English
Amazigh
Skills
Microsoft 365 (Defender Suite)
Azure
Windows (Server)
BurpSuite
Linux
MacOS
ELK Stack
Certificates
  • ISO/IEC 270001
  • SC-900: Microsoft Security, Compliance, and Identity Fundamentals
Trainings
  • Windows and Active Directory Security
  • Defend Against Modern Targeted Attacks
  • TRANSITS II
  • TRANSITS I
  • Jira Essentials
  • Confluence Server
  • Splunk 7.x Fundamentals Part 1
  • Brunel Big Data Experience
Download cv

Microsoft 365 Defender Unified RBAC

15/07/2023

I recently implemented Microsoft 365 Defender Unified RBAC for Microsoft 365 Defender and I want to share my experience with you. Microsoft 365 Defender Unified RBAC is a role-based access control system that allows you to manage permissions for the Microsoft 365 Defender suite. It simplifies the administration of security and reduces the risk of unauthorized access.

Microsoft 365 Defender is a comprehensive security solution that protects your organization from advanced threats, such as ransomware, phishing, and zero-day attacks. It integrates four products: Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, and Microsoft Cloud App Security. It provides unified visibility, automated investigation, and response capabilities across your endpoints, email, identity, and cloud applications.

With Unified RBAC, you can assign roles to different users and groups based on their responsibilities and needs. The advantage of Unified RBAC is the ability to select which permissions each group gets assigned in a granular way. Each role in Unified RBAC can be assigned granular rights in three different permission groups: Security operations, Security posture, and Authorization and settings. After assigning the rights to a role, you can make an assignment specifying which product the assignment is for. For example, endpoint administrators can only get access to the Defender for Endpoint suite. This way, each team has the appropriate level of access and control over the Microsoft 365 Defender portal and its features.

I also created some custom roles to meet specific requirements. For example, I created a role that allows users to view alerts and incidents, but not to take any actions on them. I also created a role that allows users to run advanced hunting queries, but not to export or delete data.

I found Microsoft Unified RBAC for Microsoft 365 Defender very easy to use and configure. It helped me streamline the security management process and improve the security posture of my organization. If you are interested in learning more about Microsoft Unified RBAC for Microsoft 365 Defender, you can check out this link: Microsoft 365 Defender role-based access control (RBAC) | Microsoft Learn

Posted in Microsoft 365 by IliasWhoElseTags:
Previous
All posts
© 2023 All Rights Reserved.