the Built-in Endpoint Security Manager role is assigned to two AD groups, but this role for whatever reason cannot modify policy?

Winston M. Gonzalez 0

In Intune the built-in Endpoint Security Manager role, is assigned to two AD Groups SG-xxx-MDATP-Administrators and SG-xxx-MDATP-Operator, this role for whatever reason cannot modify policy?

1 answer

Crystal-MSFT 45,571 Reputation points Microsoft Vendor

2023-04-04T02:09:11.95+00:00

@Winston M. Gonzalez, Thanks for posting in Q&A.

For the built-in Endpoint Security Manager Role, it manages security and compliance features, such as security baselines, device compliance, conditional access, and Microsoft Defender for Endpoint.

https://video2.skills-academy.com/en-us/mem/intune/fundamentals/role-based-access-control#built-in-roles

Could you confirm if you are modifying device configuration policy? Based on my checking, for device configuration policy, it only has Read permission.

If you want to manage policy, maybe you can consider the built in Role "Policy and Profile Manager"

Hope the above information can help.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Please sign in to rate this answer.
Crystal-MSFT 45,571 Reputation points Microsoft Vendor

2023-04-06T02:33:40.5133333+00:00

@Winston M. Gonzalez, How are things going? I am writing to see if there's any update on our issue. If yes, feel free to let us know.

HazyBazy 0 Reputation points

2024-06-14T09:02:38.6433333+00:00

Endpoint Security Manager can't read or manage defender for endpoint
Sign in to comment