Give users access to the Security & Compliance Center

Important

Welcome to Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection. Read more about this and other updates in Microsoft delivers unified SIEM and XDR to modernize security operations.

Users need to be assigned permissions in the Security & Compliance Center before they can manage any of its security or compliance features. As a global admin or member of the OrganizationManagement role group in the Security & Compliance Center, you can give these permissions to users. Users will only be able to manage the security or compliance features that you give them access to.

For more information about the different permissions you can give to users in the Security & Compliance Center, check out Permissions in the Security & Compliance Center.

What do you need to know before you begin?

  • You need to be a global admin, or a member of the OrganizationManagement role group in the Security & Compliance Center, to complete the steps in this article.

  • Role groups for the Security & Compliance Center might have similar names to the role groups in Exchange Online, but they're not the same.

  • Role group memberships aren't shared between Exchange Online and the Security & Compliance Center.

  • Delegated Access Permission (DAP) partners with Administer On Behalf Of (AOBO) permissions can't access the Security & Compliance Center.

Use the Security & Compliance Center to give another user access to the Security & Compliance Center

  1. Open the Security & Compliance Center at https://protection.office.com and then go to Permissions. To go directly to the Permissions tab, open https://protection.office.com/permissions.

  2. From the list of role groups, choose the role group, and then click Edit Edit icon.

  3. In the role group's properties page under Members, click AddAdd Icon and select the name of the user (or users) you want to add.

  4. When you've selected all of the users you want to add to the role group, click add-> and then OK.

  5. When you're finished, click Save.

Use Security & Compliance Center PowerShell to give another user access to the Security & Compliance Center

  1. Connect to Security & Compliance Center PowerShell.

  2. Use the following syntax:

    Add-RoleGroupMember -Identity <RoleGroup> -Member <UserIdentity>
    
    - _Identity_ is the role group.
    - _Member_ is the user or universal security group (USG). You can specify only one member at a time.
    
    This example adds MatildaS to the Organization Management role group.
    
    ```PowerShell
    Add-RoleGroupMember -Identity "Organization Management" -Member MatildaS
    

For detailed syntax and parameter issues, see Add-RoleGroupMember

How do you know this worked?

To verify that you've successfully granted access to the Security & Compliance Center, do either of the following steps:

  • In the Security & Compliance Center, go to Permissions and select the role group. In the details flyout that opens, verify the members of the role group.

  • In Security & Compliance Center PowerShell, replace <RoleGroupName> with the name of the role group, and run the following command:

    Get-RoleGroupMember -Identity "<RoleGroupName>"
    

    For detailed syntax and parameter information, see Get-RoleGroupMember.