Microsoft 365 Message Center Archive

MC708505 - Unified RBAC provides centralized role-based administration controls for Microsoft Defender for Office 365

Message ID

MC708505

View in Message Center

Service

Microsoft Defender XDR

Last Updated

Apr 15, 2024

Published Jan 20, 2024

Tag

Updated message
New feature
User impact
Admin impact

More information

Updated April 12, 2024: We have updated the timing of the "Defender Platform for Office 365" Service Plan availability to complete in late July 2024. Thank you for your patience.

Microsoft Defender XDR unified role-based access control (URBAC) provides an alternative to traditional Microsoft Defender for Office 365 (MDO/EOP) and Exchange Online (EXO) RBAC.

When this will happen:

Microsoft Defender XDR unified role-based access control (URBAC) is generally available. 
The "Defender Platform for Office 365" Service Plan will complete rolling out in late July 2024.

How this will affect your organization:

Microsoft Defender XDR unified role-based access control (URBAC) enables organizations to configure a single set of permissions for their security teams that work for Defender for Office, as well as the other Defender solutions. URBAC is currently in opt-in mode. 
The new Service Plan has no impact on your organization. 

What you need to do to prepare:

Microsoft Defender XDR unified role-based access control (URBAC) provides an alternative to traditional Microsoft Defender for Office 365 (MDO/EOP) and Exchange Online (EXO) RBAC. By default, there are no changes to your security portal permissions. If you want to enable Unified RBAC, then you must first configure the new URBAC roles for your organization. Once you have configured these roles, then you can enable use of URBAC for ‘Microsoft Defender for Office’ permissions and/or ‘Exchange Online’ permissions. Doing so replaces your existing RBAC with the new roles. You can find more information over here - Microsoft 365 Defender Unified role-based access control (RBAC) | Microsoft Learn

Unified RBAC provides an import roles wizard which will help migrate the permissions from your Microsoft Defender for Office 365 role groups. It will create URBAC role groups with permissions that mirror the legacy permissions and groups you have already set up. It will not migrate/replicate Exchange Online permissions – these will require manual configuration in URBAC role groups. 

Please note that URBAC will continue to respect existing Microsoft Entra global roles when you activate the Microsoft Defender XDR Unified RBAC model for Defender for Office 365. i.e. Global Admins and Security Admins will retain assigned admin privileges.