ASD's Blueprint for Secure Cloud

Permissions

This section describes the configuration of permissions within Microsoft Defender associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.


Roles

Microsoft Defender for Endpoint Administrator (default)

| Item | Value |
| --- | --- |
| General | |
| All Settings | Leave as default |
| Assigned user groups | |
| Group Name | Azure ATP (workspace name) Administrator |

Microsoft Defender for Endpoint Remediation

| Item | Value |
| --- | --- |
| General | |
| Role name | Microsoft Defender for Endpoint Remediation |
| Description | Permissions to view Defender ATP details |
| View Data - Security operations | Enabled |
| View Data - Defender Vulnerability Management | Enabled |
| Active remediation action - Security Operations | Enabled |
| Active remediation action - Defender Vulnerability Management - Exception handling | Enabled |
| Active remediation action - Defender Vulnerability Management - Remediation handling | Enabled |
| Alerts investigation | Enabled |
| Live response capabilities | Enabled |
| - Advanced | Selected |
| Assigned User groups | |
| Group Name | Azure ATP (workspace name) User |

Microsoft Defender for Endpoint Viewer

| Item | Value |
| --- | --- |
| General | |
| Role name | Microsoft Defender for Endpoint Viewer |
| Description | Users with access to Investigate and Remediate Defender ATP Alerts |
| View Data - Security operations | Enabled |
| View Data - Defender Vulnerability Management | Enabled |
| Assigned User groups | |
| Group Name | Azure ATP (workspace name) Viewer |

Device groups

Windows 10/11

| Item | Value |
| --- | --- |
| Rank | 1 |
| General | |
| Device group name | Windows 10/11 |
| Remediation level | Full - remediate threats automatically |
| Description | Defender ATP Device Group for all Windows 10 & 11 devices |
| Devices | |
| Name | Not configured |
| AND Domain | Not configured |
| AND Tag | Not configured |
| AND OS | In - Windows 10, Windows 11 |
| User access | |
| Group Name | Azure ATP (workspace name) Administrator, Azure ATP (workspace name) Users, Azure ATP (workspace name) Viewers |

Ungrouped devices

| Item | Value |
| --- | --- |
| Rank | last |
| General | |
| Device group name | Ungrouped devices |
| Remediation level | Full - remediate threats automatically |
| Description | Defender ATP Device Group for all ungrouped devices |
| Devices | |
| Name | Not configured |
| AND Domain | Not configured |
| AND Tag | Not configured |
| AND OS | In - None |
| User access | |
| Group Name | Azure ATP (workspace name) Administrator, Azure ATP (workspace name) Users, Azure ATP (workspace name) Viewers |
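The role and device group values above can be treated as a baseline and checked for drift, for example a Viewer role that has quietly gained a remediation permission, or "Ungrouped devices" no longer ranked last. The following is an added example, not part of the Blueprint or of Microsoft Defender; the export it reads is a constructed, hypothetical dict shape, not a Defender API response.

```python
# Added example (not Blueprint code): compare an RBAC/device-group export with
# the values tabulated above. The export shape below is constructed and hypothetical.
BLUEPRINT_ROLES = {  # permissions enabled per custom role on this page
    "Microsoft Defender for Endpoint Remediation": {
        "View Data - Security operations",
        "View Data - Defender Vulnerability Management",
        "Active remediation action - Security Operations",
        "Active remediation action - Defender Vulnerability Management - Exception handling",
        "Active remediation action - Defender Vulnerability Management - Remediation handling",
        "Alerts investigation",
        "Live response capabilities - Advanced",
    },
    "Microsoft Defender for Endpoint Viewer": {"View Data - Security operations", "View Data - Defender Vulnerability Management"},
}
# Device groups in rank order; "Ungrouped devices" is ranked last with no OS filter.
BLUEPRINT_DEVICE_GROUPS = [("Windows 10/11", ["Windows 10", "Windows 11"]),
                           ("Ungrouped devices", [])]

def check_roles(exported_roles):
    """Return findings for permissions missing from, or added to, each custom role."""
    findings = []
    for role, expected in BLUEPRINT_ROLES.items():
        actual = set(exported_roles.get(role, []))
        findings += [f"{role}: missing '{p}'" for p in sorted(expected - actual)]
        findings += [f"{role}: extra '{p}'" for p in sorted(actual - expected)]
    return findings

def check_device_groups(exported_groups):
    """Return findings for wrong rank order, missing groups or wrong OS filters."""
    findings = []
    names = [g["name"] for g in exported_groups]
    expected = [n for n, _ in BLUEPRINT_DEVICE_GROUPS]
    if names != expected:
        findings.append(f"rank order {names} != {expected}")
    by_name = {g["name"]: g.get("os", []) for g in exported_groups}
    for name, os_filter in BLUEPRINT_DEVICE_GROUPS:
        if by_name.get(name) != os_filter:
            findings.append(f"{name}: OS filter {by_name.get(name)} != {os_filter}")
    return findings

# Constructed drifted export: the Viewer gained a remediation right and the groups are reordered.
SAMPLE_EXPORT = {
    "roles": {
        "Microsoft Defender for Endpoint Remediation": BLUEPRINT_ROLES["Microsoft Defender for Endpoint Remediation"],
        "Microsoft Defender for Endpoint Viewer": ["View Data - Security operations",
            "View Data - Defender Vulnerability Management", "Active remediation action - Security Operations"],
    },
    "groups": [{"name": "Ungrouped devices", "os": []}, {"name": "Windows 10/11", "os": ["Windows 10", "Windows 11"]}],
}
```

Running `check_roles(SAMPLE_EXPORT["roles"])` reports the extra remediation permission on the Viewer role, and `check_device_groups(SAMPLE_EXPORT["groups"])` reports the rank order.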

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra