question

RogerRoger-2394 avatar image
0 Votes"
RogerRoger-2394 asked JamesTran-MSFT commented

Security Center Permissions

Hi All

i have a user and i would like to give him Read permissions to security center(https://securitycenter.microsoft.com/). If i add him to the Role Security reader in Azure AD, Will it work me. Please guide me.

azure-security-center
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

JamesTran-MSFT avatar image
0 Votes"
JamesTran-MSFT answered JamesTran-MSFT commented

@RogerRoger-2394
Thank you for your post!

Assigning the Security Reader role in AzureAD to your user will work. However, keep in mind that you can assign this at the Azure AD or resource level with Azure RBAC (IAM). Depending on your requirements, the Azure AD Security Reader role and the Azure RBAC Security Reader role will give you a different set of permissions. For example, the AzureAD role will give a user global read-only access for security-related features, while the RBAC role will give the user view permissions (recommendations, alerts, a security policy, and security states) for Security Center.


For more info:
Azure AD Security Reader
Azure RBAC Security Reader
Permissions in Azure Security Center


If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.


Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@RogerRoger-2394
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?

0 Votes 0 ·
CristianSPIRIDON72 avatar image
0 Votes"
CristianSPIRIDON72 answered

Hi,

If you want to assign roles for Defender for Endpoint, following article might help you.
You will find different roles permissions and you will have to choose the ones that works for you:

https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/user-roles?view=o365-worldwide

Hope this helps.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.