Set up RBAC permissions to access site security

The Microsoft Defender portal allows granular access to features and data based on user roles and the permissions given to each user with Role-Based Access Control (RBAC).

To access the Microsoft Defender for IoT features in the Defender portal, such as site security, and Defender for IoT specific alerts and vulnerability updates, you need to assign permissions and roles to the correct users.

This article shows you how to set up the new roles and permissions to access the site security and Defender for IoT specific features.

To make general changes to RBAC roles and permissions that relate to all other areas of Defender for IoT, see configure general RBAC permissions.

Important

This article discusses Microsoft Defender for IoT in the Defender portal (Preview).

If you're an existing customer working on the classic Defender for IoT portal (Azure portal), see the Defender for IoT on Azure documentation.

Learn more about the Defender for IoT management portals.

Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, with respect to the information provided here.

Prerequisites

Access management options

There are two ways to manage user access to the Defender portal, depending on the type of tenant you're using. Each system has different named permissions that allow access for site security. The two systems are:

The instructions and permission settings listed in this article apply to Defender XDR Unified RBAC.

RBAC for version 1 or 2

Depending on your tenant, you might have access to RBAC version 1 or 2 instead of Defender XDR Unified RBAC. For more information, see permissions for RBAC version 1, or permissions for RBAC version 2.

If you're using the Defender portal for the first time, you need to set up all of your roles and permissions. For more information, see manage portal access using role-based access control.

Set up Defender XDR Unified RBAC roles for site security

Assign RBAC permissions and roles, based on the summary table, to give users access to site security features:

  1. In the Defender portal, select Settings > Microsoft XDR > Permissions and roles.

  2. Enable Endpoints & Vulnerability Management.

  3. Select Go to Permissions and roles.

  4. Select Create custom role.

  5. Type a Role name, and then select Next for Permissions.

    Screenshot of the permissions set up page for site security.

  6. Select Security operations, and select Select custom permissions.

  7. In Security settings, select Security data basics and select Apply.

  8. Select Authorization and settings, select Select custom permissions.

  9. In Security data, select Core security settings (manage) and select Apply.

    Screenshot of the permissions set up page with the specific permissions chosen for site security.

  10. Select Next for Assignments.

  11. Select Add assignment, type a name, choose users and groups and select the Data sources.

  12. Select Add.

  13. Select Next to Review and finish.

  14. Select Submit.

Summary of roles and permissions for site security

Write permissions:
  - Defender Permissions: Core security settings scoped to all device groups.
  - Entra ID roles: Global Administrator, Security Administrator, Security Operator scoped to all device groups.

Read permissions:
  - Write roles (including roles that aren't scoped to all device groups).
  - Defender Permissions: Security data basics (under Security Operations).
  - Entra ID roles: Global Reader, Security Reader.
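The following Microsoft Graph PowerShell script is an added example, not part of the Microsoft documentation, that audits which principals in the tenant hold the Entra ID roles the summary table maps to write or read access for site security. It assumes the Microsoft.Graph PowerShell SDK is installed and that the caller can consent to the RoleManagement.Read.Directory scope; Defender XDR Unified RBAC custom roles are not covered, only the Entra ID roles listed above.

```powershell
# Added example: list members of the Entra ID roles that grant write or read
# access to site security, using the role names from the summary table above.
# Assumption: Microsoft.Graph module is installed; scope RoleManagement.Read.Directory.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory" -NoWelcome

# Write roles also grant read access, so they are listed first.
$siteSecurityRoles = [ordered]@{
    'Write' = @('Global Administrator', 'Security Administrator', 'Security Operator')
    'Read'  = @('Global Reader', 'Security Reader')
}

# Get-MgDirectoryRole only returns roles that have been activated in the tenant;
# filtering client-side avoids relying on server-side $filter support.
$activatedRoles = Get-MgDirectoryRole -All

foreach ($level in $siteSecurityRoles.Keys) {
    foreach ($roleName in $siteSecurityRoles[$level]) {
        $role = $activatedRoles | Where-Object { $_.DisplayName -eq $roleName }
        if (-not $role) {
            # A role that was never activated has no members and is not returned.
            [pscustomobject]@{ Access = $level; EntraRole = $roleName; Principal = '(role not activated)'; ObjectId = $null }
            continue
        }
        $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All
        foreach ($m in $members) {
            # Members are generic directory objects; user or service principal
            # names live in AdditionalProperties.
            $name = $m.AdditionalProperties['userPrincipalName']
            if (-not $name) { $name = $m.AdditionalProperties['displayName'] }
            [pscustomobject]@{ Access = $level; EntraRole = $roleName; Principal = $name; ObjectId = $m.Id }
        }
    }
}
```

Pipe the output to Format-Table or Export-Csv to review which accounts can change site security settings versus only read them.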

Next steps

Once you have set up the RBAC roles and permissions, set up a site so that Microsoft Defender for IoT can begin sending data to the Defender portal.