Merge pull request #8218 from JesseEsquivel/patch-4

Update RBAC for file downloads
jcaparas
2020-09-04 12:23:10 -07:00
committed by GitHub


@ -60,21 +60,22 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
- **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions - **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions
- **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities - **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities
- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags. - **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags, and download only portable executable (PE) files
- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups. - **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups
> [!NOTE] > [!NOTE]
> This setting is only available in the Microsoft Defender ATP administrator (default) role. > This setting is only available in the Microsoft Defender ATP administrator (default) role.
- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab. - **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab
- **Live response capabilities** - **Live response capabilities**
- **Basic** commands: - **Basic** commands:
- Start a live response session - Start a live response session
- Perform read only live response commands on remote device (excluding file copy and execution - Perform read only live response commands on remote device (excluding file copy and execution
- **Advanced** commands: - **Advanced** commands:
- Download a file from the remote device - Download a file from the remote device via live response
- Download PE and non-PE files from the file page
- Upload a file to the remote device - Upload a file to the remote device
- View a script from the files library - View a script from the files library
- Execute a script on the remote device from the files library - Execute a script on the remote device from the files library
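Review bot: In the **Alerts investigation** bullet, "download only portable executable (PE) files" does not say where the download happens, while the new Advanced live response item says "from the file page"; suggest "download only portable executable (PE) files from the file page" so the two permissions read as two tiers of the same capability. The new "Download PE and non-PE files from the file page" item also sits under "**Advanced** commands:" although it describes a portal download rather than a live response command, so a short note that non-PE downloads require the Advanced live response permission would make the grouping clear to someone assigning roles. While this list is being edited, the unchanged line "(excluding file copy and execution" is still missing its closing parenthesis.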