Permissions
This section describes the configuration of endpoint permissions settings within Microsoft Defender associated with systems built according to the guidance provided by ASD's Blueprint for Secure Cloud.
Instruction
The tables below outline the as-built configuration for ASD's Blueprint for Secure Cloud (the Blueprint) for the Microsoft Defender portal at the following URL:
https://security.microsoft.com/securitysettings/endpoints/user_roles
The settings described on these pages provide a baseline implementation for a system configured using the Blueprint. The implementation implied by these pages should not be considered prescriptive as to how an organisation must scope, build, document, or assess a system.
Implementation of the guidance provided by the Blueprint will differ depending on an organisation’s operating context and organisational culture. Organisations should implement the Blueprint in alignment with their existing change management, business processes and frameworks.
Placeholders such as <ORGANISATION.GOV.AU>, <BLUEPRINT.GOV.AU> and <TENANT-NAME> should be replaced with the relevant details as required.
Roles
Microsoft Defender for Endpoint Administrator (default)
| Item | Value |
|---|---|
| General | |
| All settings | Modification disabled |
| Assigned user groups | |
| Group Name | <Defender for Endpoint administration group> |
Microsoft Defender for Endpoint Remediation
| Item | Value |
|---|---|
| General | |
| Role name | Microsoft Defender for Endpoint Remediation |
| Description | None |
| View Data | Checked |
| - Security operations | Checked |
| - Defender Vulnerability Management | Checked |
| Active remediation actions | Checked |
| - Security operations | Checked |
| - Defender Vulnerability Management - Exception handling | Checked |
| - Defender Vulnerability Management - Remediation handling | Checked |
| - Defender Vulnerability Management - Application handling | Checked |
| Defender Vulnerability Management - Manage security baselines assessment profiles | Checked |
| Alerts investigation | Checked |
| Manage security settings in Security Center | Unchecked |
| Live response capabilities | Checked |
| - Advanced | Selected |
| Assigned user groups | |
| Group Name | <Defender for Endpoint remediation group> |
Microsoft Defender for Endpoint Viewer
| Item | Value |
|---|---|
| General | |
| Role name | Microsoft Defender for Endpoint Viewer |
| Description | None |
| View Data | Checked |
| - Security operations | Checked |
| - Defender Vulnerability Management | Checked |
| Active remediation actions | Unchecked |
| - Security operations | Unchecked |
| - Defender Vulnerability Management - Exception handling | Unchecked |
| - Defender Vulnerability Management - Remediation handling | Unchecked |
| - Defender Vulnerability Management - Application handling | Unchecked |
| Defender Vulnerability Management - Manage security baselines assessment profiles | Unchecked |
| Alerts investigation | Unchecked |
| Manage security settings in Security Center | Unchecked |
| Live response capabilities | Unchecked |
| Assigned user groups | |
| Group Name | <Defender for Endpoint view group> |
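The two custom roles above deliberately split read-only access from active remediation, and neither custom role manages security settings. The following Python is an added example, not part of the Blueprint: it transcribes the two custom-role tables into data (the default Administrator role is omitted because its settings cannot be modified, and the sub-options under each permission are omitted) and checks that split, so an as-built export of roles can be compared against the intended separation.

```python
"""Least-privilege audit of Defender for Endpoint role definitions (added example)."""

# Permissions that change device or tenant state (labels as used in the tables above).
ACTIVE_PERMISSIONS = {
    "Active remediation actions",
    "Alerts investigation",
    "Manage security settings in Security Center",
    "Live response capabilities",
}

# Constructed transcription of the as-built tables: True = Checked, False = Unchecked.
BLUEPRINT_ROLES = {
    "Microsoft Defender for Endpoint Remediation": {
        "View Data": True,
        "Active remediation actions": True,
        "Alerts investigation": True,
        "Manage security settings in Security Center": False,
        "Live response capabilities": True,
    },
    "Microsoft Defender for Endpoint Viewer": {
        "View Data": True,
        "Active remediation actions": False,
        "Alerts investigation": False,
        "Manage security settings in Security Center": False,
        "Live response capabilities": False,
    },
}

# Intended separation: which roles must stay read-only, and which may hold live response.
READ_ONLY_ROLES = {"Microsoft Defender for Endpoint Viewer"}
LIVE_RESPONSE_ROLES = {"Microsoft Defender for Endpoint Remediation"}


def audit_roles(roles, read_only=READ_ONLY_ROLES, live_response=LIVE_RESPONSE_ROLES):
    """Return a list of human-readable violations; an empty list means compliant."""
    violations = []
    for name, perms in roles.items():
        if not perms.get("View Data"):
            violations.append(f"{name}: role grants no View Data permission")
        if name in read_only:
            # A read-only role must have every state-changing permission unchecked.
            for perm in sorted(ACTIVE_PERMISSIONS):
                if perms.get(perm):
                    violations.append(f"{name}: read-only role has '{perm}' checked")
        else:
            if perms.get("Live response capabilities") and name not in live_response:
                violations.append(f"{name}: live response granted outside the remediation role")
            if perms.get("Manage security settings in Security Center"):
                violations.append(f"{name}: custom role manages security settings")
    return violations


if __name__ == "__main__":
    for line in audit_roles(BLUEPRINT_ROLES) or ["compliant with the as-built role split"]:
        print(line)
```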
Device groups
Windows 10/11
| Item | Value |
|---|---|
| Rank | 1 |
| General | |
| Device group name | Windows 10/11 |
| Remediation level | Full remediation |
| Description | None |
| Devices | |
| Name | Not configured |
| AND Domain | Not configured |
| AND Tag | Not configured |
| AND OS | In - Windows 11, Windows 10 |
| User access | |
| Group Name | <Device administration group> |
Ungrouped devices
| Item | Value |
|---|---|
| Rank | Not applicable for the ungrouped devices (default) device group |
| General | |
| Device group name | Ungrouped devices (default) |
| Remediation level | Full remediation |
| Devices | Not applicable for the default ungrouped device group |
| User access | |
| Group Name | <Device administration group> |