Manage access to Microsoft 365 Defender

Important

The improved Microsoft 365 security center is now available in public preview. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. Security teams can now manage all endpoint, email and cross-product investigations, configuration and remediation without the need to navigate to separate product portals. Learn more about what's changed.

Applies to:

  • Microsoft 365 Defender

Accounts assigned any of the following Azure Active Directory (Azure AD) roles can access Microsoft 365 Defender functionality and data:

  • Global administrator
  • Security administrator
  • Security operator
  • Global reader
  • Security reader

To review which accounts hold these roles, view Permissions in the Microsoft 365 security center.
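The Permissions page shows the same role membership that Azure AD exposes through Microsoft Graph. The following script is an added example, not part of the original page, that enumerates the members of the five roles listed above with the Microsoft Graph PowerShell SDK, so the review can be repeated from a shell or scheduled. It assumes the Microsoft.Graph modules are installed and that the signed-in account can consent to the RoleManagement.Read.Directory and User.Read.All scopes; the role display names are the ones used by Azure AD.

```powershell
# Added example (not from the original page): list the members of the Azure AD
# roles that grant access to Microsoft 365 Defender, using the Microsoft Graph
# PowerShell SDK. Assumes the Microsoft.Graph modules are installed.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "User.Read.All"

# Azure AD display names of the roles listed in the section above.
$defenderRoles = @(
    'Global Administrator',
    'Security Administrator',
    'Security Operator',
    'Global Reader',
    'Security Reader'
)

# Get-MgDirectoryRole returns only roles that have been activated in the tenant.
# A role that never had an assignment is simply absent, which we report as empty
# rather than treating it as an error.
$activeRoles = Get-MgDirectoryRole -All

$report = foreach ($roleName in $defenderRoles) {
    $role = $activeRoles | Where-Object DisplayName -eq $roleName
    if (-not $role) {
        [pscustomobject]@{ Role = $roleName; Member = '(no members / role not activated)'; Type = ''; Id = '' }
        continue
    }

    # Members come back as generic directoryObjects; the user/group/service
    # principal details live in AdditionalProperties. Groups and service
    # principals are valid members too, so surface the object type.
    Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All | ForEach-Object {
        $type = $_.AdditionalProperties['@odata.type'] -replace '#microsoft.graph.', ''
        $name = $_.AdditionalProperties['userPrincipalName']
        if (-not $name) { $name = $_.AdditionalProperties['displayName'] }
        [pscustomobject]@{ Role = $roleName; Member = $name; Type = $type; Id = $_.Id }
    }
}

$report | Sort-Object Role, Member | Format-Table -AutoSize
```

Two caveats when reading the output: accounts that are merely eligible for a role through Privileged Identity Management are not directory role members until they activate, so they do not appear here; and a group member (a role-assignable group) grants the role to everyone in that group, so its membership has to be expanded separately.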

Access to functionality

Access to specific functionality is determined by your Azure AD role. Contact a global administrator if you need access to functionality that requires that you or your user group be assigned a new role.

Approve pending automated tasks

Automated investigation and remediation can take action on emails, forwarding rules, files, persistence mechanisms, and other artifacts found during investigations. To approve or reject pending actions that require explicit approval, you must have certain roles assigned in Microsoft 365. To learn more, see Action center permissions.

Access to data

Access to Microsoft 365 Defender data can be controlled using the scope assigned to user groups in Microsoft Defender for Endpoint role-based access control (RBAC). If your access has not been scoped to a specific set of devices in Defender for Endpoint, you have full access to data in Microsoft 365 Defender. Once your account is scoped, you see only data about the devices in your scope.

For example, if you belong to only one user group with a Microsoft Defender for Endpoint role, and that user group has been given access to sales devices only, you will see only data about sales devices in Microsoft 365 Defender. Learn more about RBAC settings in Microsoft Defender for Endpoint.

Microsoft Cloud App Security access controls

During the preview, Microsoft 365 Defender does not enforce access controls based on Cloud App Security settings. Access to Microsoft 365 Defender data is not affected by these settings.