MC708505: Unified RBAC provides centralized role-based administration controls for Microsoft Defender for Office 365

Announcement IDMC708505Published Date01-20-2024
ServiceMicrosoft365DefenderLast Updated08-02-2024
CategoryPlan for changeExpiration Date09-16-2024
Roadmap IDAction Required by Date
TagsAdmin impact, User impact


Summary
                Unified RBAC for Microsoft Defender for Office 365 offers centralized controls and is now generally available. The "Defender Platform for Office 365" Service Plan rollout completion is rescheduled for early August 2024. Organizations can opt-in to URBAC, which requires configuring new roles to replace existing RBAC permissions. A wizard is available to assist with importing roles from Microsoft Defender for Office 365. Exchange Online permissions need manual setup. Existing Microsoft Entra global roles will be respected under the new URBAC model. 


More Information

Microsoft Defender XDR unified role-based access control (URBAC) provides an alternative to traditional Microsoft Defender for Office 365 (MDO/EOP) and Exchange Online (EXO) RBAC.

When this will happen:

Microsoft Defender XDR unified role-based access control (URBAC) is generally available.

How this will affect your organization:

Microsoft Defender XDR unified role-based access control (URBAC) enables organizations to configure a single set of permissions for their security teams that work for Defender for Office, as well as the other Defender solutions. URBAC is currently in opt-in mode. 
The new Service Plan has no impact on your organization. 

What you need to do to prepare:

Microsoft Defender XDR unified role-based access control (URBAC) provides an alternative to traditional Microsoft Defender for Office 365 (MDO/EOP) and Exchange Online (EXO) RBAC. By default, there are no changes to your security portal permissions. If you want to enable Unified RBAC, then you must first configure the new URBAC roles for your organization. Once you have configured these roles, then you can enable use of URBAC for Microsoft Defender for Office permissions and/or Exchange Online permissions. Doing so replaces your existing RBAC with the new roles. 

Unified RBAC provides an import roles wizard which will help migrate the permissions from your Microsoft Defender for Office 365 role groups. It will create URBAC role groups with permissions that mirror the legacy permissions and groups you have already set up. It will not migrate/replicate Exchange Online permissions these will require manual configuration in URBAC role groups. 

Please note that URBAC will continue to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for Defender for Office 365. i.e. Global Admins and Security Admins will retain assigned admin privileges.

Previous Post Next Post