Defender XDR Unified RBAC – How to manage incidents over GDAP ( CSP accounts )
Hello ,
I am experiencing difficulties in granting access to manage emails on Microsoft Defender XDR to the SOC team. While the RBAC model in Entra ID roles supports GDAP using our CSP accounts, the roles in Defender XDR operate under a completely independent model (unified RBAC defender XDR), making management via our CSP accounts impossible.
I have reviewed the Microsoft Defender Endpoint RBAC documentation but found no solution.
There are Email & collaboration roles in the Microsoft Defender portal that have no equivalent to Microsoft Entra roles, and are important for security operations (for example the Preview role and the Search and Purge role).
Could you provide guidance on how to achieve this, or suggest an alternative approach?
Your assistance would be greatly appreciated.
Hello ,I am experiencing difficulties in granting access to manage emails on Microsoft Defender XDR to the SOC team. While the RBAC model in Entra ID roles supports GDAP using our CSP accounts, the roles in Defender XDR operate under a completely independent model (unified RBAC defender XDR), making management via our CSP accounts impossible.I have reviewed the Microsoft Defender Endpoint RBAC documentation but found no solution. There are Email & collaboration roles in the Microsoft Defender portal that have no equivalent to Microsoft Entra roles, and are important for security operations (for example the Preview role and the Search and Purge role). Could you provide guidance on how to achieve this, or suggest an alternative approach? Your assistance would be greatly appreciated. Read More