deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #3573 from MicrosoftDocs/master

Browse Source 
Publish 08/18/2020 3:30 PM
This commit is contained in:
Gary Moore 2020-08-18 15:45:02 -07:00 committed by GitHub
commit 69227b8858
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 58 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -13,7 +13,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/01/2019
ms.date: 08/18/2020
---
# What's new in mobile device enrollment and management
@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation**
- [August 2020](#august-2020)
- [July 2020](#july-2020)
- [June 2020](#june-2020)
- [May 2020](#may-2020)
@ -314,11 +315,7 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
<li>Privacy/DisablePrivacyExperience</li>
<li>Privacy/UploadUserActivities</li>
<li>Security/RecoveryEnvironmentAuthentication</li>
<li>System/AllowDesktopAnalyticsProcessing</li>
<li>System/AllowDeviceNameInDiagnosticData</li>
<li>System/AllowMicrosoftManagedDesktopProcessing</li>
<li>System/AllowUpdateComplianceProcessing</li>
<li>System/AllowWUfBCloudProcessing</li>
<li>System/ConfigureMicrosoft365UploadEndpoint</li>
<li>System/DisableDeviceDelete</li>
<li>System/DisableDiagnosticDataViewer</li>
@ -1998,10 +1995,16 @@ What data is handled by dmwappushsvc? | It is a component handling the internal
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
## Change history in MDM documentation
### August 2020
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - System](policy-csp-system.md)|Removed the following policy settings:<br> - System/AllowDesktopAnalyticsProcessing <br>- System/AllowMicrosoftManagedDesktopProcessing <br> - System/AllowUpdateComplianceProcessing<br> - System/AllowWUfBCloudProcessing <br>|
### July 2020
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings:<br> - <a href="./policy-csp-system.md#system-allowdesktopanalyticsprocessing" id="system-allowdesktopanalyticsprocessing">System/AllowDesktopAnalyticsProcessing </a><br>- <a href="./policy-csp-system.md#system-allowmicrosoftmanageddesktopprocessing" id="system-allowmicrosoftmanageddesktopprocessing">System/AllowMicrosoftManagedDesktopProcessing </a> <br> - <a href="./policy-csp-system.md#system-allowppdatecomplianceprocessing" id="system-allowppdatecomplianceprocessing">System/AllowUpdateComplianceProcessing</a> <br> - <a href="./policy-csp-system.md#system-allowwufbcloudprocessing" id="system-allowwufbcloudprocessing">System/AllowWUfBCloudProcessing</a> <br><br>Updated the following policy setting:<br>- <a href="./policy-csp-system.md#system-allowcommercialdatapipeline" id="system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a> <br>|
|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings:<br> - System/AllowDesktopAnalyticsProcessing <br>- System/AllowMicrosoftManagedDesktopProcessing <br> - System/AllowUpdateComplianceProcessing<br> - System/AllowWUfBCloudProcessing <br> <br><br>Updated the following policy setting:<br>- <a href="./policy-csp-system.md#system-allowcommercialdatapipeline" id="system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a> <br>|
### June 2020
|New or updated topic | Description|

12
windows/client-management/mdm/policy-configuration-service-provider.md
View File

@ -3379,9 +3379,6 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-allowcommercialdatapipeline" id="system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowdesktopanalyticsprocessing" id="system-allowdesktopanalyticsprocessing">System/AllowDesktopAnalyticsProcessing</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowdevicenameindiagnosticdata" id="system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
</dd>
@ -3397,24 +3394,15 @@ The following diagram shows the Policy configuration service provider in tree fo
<dd>
<a href="./policy-csp-system.md#system-allowlocation" id="system-allowlocation">System/AllowLocation</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowmicrosoftmanageddesktopprocessing" id="system-allowmicrosoftmanageddesktopprocessing">System/AllowMicrosoftManagedDesktopProcessing</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowstoragecard" id="system-allowstoragecard">System/AllowStorageCard</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowtelemetry" id="system-allowtelemetry">System/AllowTelemetry</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowppdatecomplianceprocessing" id="system-allowppdatecomplianceprocessing">System/AllowUpdateComplianceProcessing</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowusertoresetphone" id="system-allowusertoresetphone">System/AllowUserToResetPhone</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-allowwufbcloudprocessing" id="system-allowwufbcloudprocessing">System/AllowWUfBCloudProcessing</a>
</dd>
<dd>
<a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>

297
windows/client-management/mdm/policy-csp-system.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 06/25/2020
ms.date: 08/12/2020
ms.reviewer:
manager: dansimp
---
@ -28,9 +28,6 @@ manager: dansimp
<dd>
<a href="#system-allowcommercialdatapipeline">System/AllowCommercialDataPipeline</a>
</dd>
<dd>
<a href="#system-allowdesktopanalyticsprocessing">System/AllowDesktopAnalyticsProcessing </a>
</dd>
<dd>
<a href="#system-allowdevicenameindiagnosticdata">System/AllowDeviceNameInDiagnosticData</a>
</dd>
@ -46,24 +43,15 @@ manager: dansimp
<dd>
<a href="#system-allowlocation">System/AllowLocation</a>
</dd>
<dd>
<a href="#system-allowmicrosoftmanageddesktopprocessing">System/AllowMicrosoftManagedDesktopProcessing</a>
</dd>
<dd>
<a href="#system-allowstoragecard">System/AllowStorageCard</a>
</dd>
<dd>
<a href="#system-allowtelemetry">System/AllowTelemetry</a>
</dd>
<dd>
<a href="#system-allowppdatecomplianceprocessing">System/AllowUpdateComplianceProcessing</a>
</dd>
<dd>
<a href="#system-allowusertoresetphone">System/AllowUserToResetPhone</a>
</dd>
<dd>
<a href="#system-allowwufbcloudprocessing">System/AllowWUfBCloudProcessing</a>
</dd>
<dd>
<a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
</dd>
@ -257,88 +245,7 @@ The following list shows the supported values:
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowdesktopanalyticsprocessing"></a>**System/AllowDesktopAnalyticsProcessing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /><sup></sup></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Desktop Analytics service is configured to use Windows diagnostic data collected from devices.
If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
>[!Note]
> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Allow Desktop Analytics Processing*
- GP name: *AllowDesktopAnalyticsProcessing*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Diagnostic data is not processed by Desktop Analytics.
- 2 Diagnostic data is allowed to be processed by Desktop Analytics.
<!--/SupportedValues-->
<!--Example-->
<!--/Example-->
<!--Validation-->
<!--/Validation-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**
@ -691,71 +598,6 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowmicrosoftmanageddesktopprocessing"></a>**System/AllowMicrosoftManagedDesktopProcessing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Microsoft Managed Desktop service is configured to use Windows diagnostic data collected from devices.
If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
> [!Note]
> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Diagnostic data is not processed by Microsoft Managed Desktop.
- 32 Diagnostic data is processed by Microsoft Managed Desktop.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**
@ -950,78 +792,6 @@ ADMX Info:
<hr/>
<!--Policy-->
<a href="" id="system-allowppdatecomplianceprocessing"></a>**System/AllowUpdateComplianceProcessing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Update Compliance service is configured to use Windows diagnostic data collected from devices.
If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
>[!Note]
> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) setting to limit the diagnostic data that can be collected from the device.
<!--/Description-->
<!--ADMXBacked-->
ADMX Info:
- GP English name: *Enable Update Compliance Processing*
- GP name: *AllowUpdateComplianceProcessing*
- GP path: *Data Collection and Preview Builds*
- GP ADMX file name: *DataCollection.admx*
<!--/ADMXBacked-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Diagnostic data is not processed by Update Compliance.
- 16 Diagnostic data is allowed to be processed by Update Compliance.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**
@ -1081,71 +851,6 @@ The following list shows the supported values:
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="system-allowwufbcloudprocessing"></a>**System/AllowWUfBCloudProcessing**
<!--SupportedSKUs-->
<table>
<tr>
<th>Windows Edition</th>
<th>Supported?</th>
</tr>
<tr>
<td>Home</td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
<tr>
<td>Pro</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Business</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Enterprise</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
<tr>
<td>Education</td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Windows Update for Business cloud service is configured to use Windows diagnostic data collected from devices.
If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
>[!Note]
> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
<!--/Description-->
<!--ADMXMapped-->
<!--/ADMXMapped-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) Diagnostic data is not processed by Windows Update for Business cloud.
- 8 Diagnostic data is allowed to be processed by Windows Update for Business cloud.
<!--/SupportedValues-->
<!--/Policy-->
</hr>
<!--Policy-->
<a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**

4
windows/client-management/mdm/policy-csps-admx-backed.md
View File

@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
ms.date: 07/18/2019
ms.date: 08/18/2020
---
# ADMX-backed policy CSPs
@ -406,8 +406,6 @@ ms.date: 07/18/2019
- [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout)
- [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
- [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
- [System/AllowDesktopAnalyticsProcessing](./policy-csp-system.md#system-allowdesktopanalyticsprocessing)
- [System/AllowUpdateComplianceProcessing](./policy-csp-system.md#system-allowppdatecomplianceprocessing)
- [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
- [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
- [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)

12
windows/security/threat-protection/microsoft-defender-atp/linux-exclusions.md
View File

@ -67,6 +67,9 @@ Run the following command to see the available switches for managing exclusions:
mdatp exclusion
```
> [!TIP]
> When configuring exclusions with wildcards, enclose the parameter in double-quotes to prevent globbing.
Examples:
- Add an exclusion for a file extension:
@ -96,6 +99,15 @@ Examples:
Folder exclusion configured successfully
```
- Add an exclusion for a folder with a wildcard in it:
```bash
mdatp exclusion folder add --path "/var/*/"
```
```Output
Folder exclusion configured successfully
```
- Add an exclusion for a process:
```bash

28
windows/security/threat-protection/microsoft-defender-atp/live-response.md
View File

@ -23,9 +23,9 @@ ms.topic: article
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
Live response is a capability that gives your security operations team instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats in real time.
Live response gives security operations teams instantaneous access to a device (also referred to as a machine) using a remote shell connection. This gives you the power to do in-depth investigative work and take immediate response actions to promptly contain identified threats—in real time.
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.
Live response is designed to enhance investigations by enabling your security operations team to collect forensic data, run scripts, send suspicious entities for analysis, remediate threats, and proactively hunt for emerging threats.<br/><br/>
> [!VIDEO https://www.microsoft.com/videoplayer/embed/RE4qLUW]
@ -98,7 +98,7 @@ The dashboard also gives you access to:
## Initiate a live response session on a device
1. Log in to Microsoft Defender Security Center.
1. Sign in to Microsoft Defender Security Center.
2. Navigate to the devices list page and select a device to investigate. The devices page opens.
@ -112,6 +112,10 @@ The dashboard also gives you access to:
Depending on the role that's been granted to you, you can run basic or advanced live response commands. User permissions are controlled by RBAC custom roles. For more information on role assignments, see [Create and manage roles](user-roles.md).
>[!NOTE]
>Live response is a cloud-based interactive shell, as such, specific command experience may vary in response time depending on network quality and system load between the end user and the target device.
### Basic commands
The following commands are available for user roles that are granted the ability to run **basic** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
@ -137,7 +141,7 @@ drivers | Shows all drivers installed on the device. |
|`trace` | Sets the terminal's logging mode to debug. |
### Advanced commands
The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments see [Create and manage roles](user-roles.md).
The following commands are available for user roles that are granted the ability to run **advanced** live response commands. For more information on role assignments, see [Create and manage roles](user-roles.md).
| Command | Description |
|---|---|
@ -201,7 +205,7 @@ You can have a collection of PowerShell scripts that can run on devices that you
4. Specify if you'd like to overwrite a file with the same name.
5. If you'd like to be know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
5. If you'd like to be, know what parameters are needed for the script, select the script parameters check box. In the text field, enter an example and a description.
6. Click **Confirm**.
@ -220,7 +224,7 @@ Some commands have prerequisite commands to run. If you don't run the prerequisi
You can use the auto flag to automatically run prerequisite commands, for example:
```
```console
getfile c:\Users\user\Desktop\work.txt -auto
```
@ -269,7 +273,7 @@ Live response supports output piping to CLI and file. CLI is the default output
Example:
```
```console
processes > output.txt
```
@ -285,7 +289,7 @@ Each command is tracked with full details such as:
## Limitations
- Live response sessions are limited to 10 live response sessions at a time.
- Large scale command execution is not supported.
- Large-scale command execution is not supported.
- A user can only initiate one session at a time.
- A device can only be in one session at a time.
- The following file size limits apply:
@ -295,11 +299,3 @@ Each command is tracked with full details such as:
## Related article
- [Live response command examples](live-response-command-examples.md)

36
windows/security/threat-protection/microsoft-defender-atp/user-roles.md
View File

@ -30,19 +30,21 @@ ms.topic: article
The following steps guide you on how to create roles in Microsoft Defender Security Center. It assumes that you have already created Azure Active Directory user groups.
1. In the navigation pane, select **Settings > Roles**.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with a Security administrator or Global administrator role assigned.
2. Select **Add item**.
2. In the navigation pane, select **Settings > Roles**.
3. Enter the role name, description, and permissions you'd like to assign to the role.
3. Select **Add item**.
4. Select **Next** to assign the role to an Azure AD Security group.
4. Enter the role name, description, and permissions you'd like to assign to the role.
5. Use the filter to select the Azure AD group that you'd like to add to this role to.
5. Select **Next** to assign the role to an Azure AD Security group.
6. **Save and close**.
6. Use the filter to select the Azure AD group that you'd like to add to this role to.
7. Apply the configuration settings.
7. **Save and close**.
8. Apply the configuration settings.
> [!IMPORTANT]
> After creating roles, you'll need to create a device group and provide access to the device group by assigning it to a role that you just created.
@ -81,19 +83,27 @@ For more information on the available commands, see [Investigate devices using L
## Edit roles
1. Select the role you'd like to edit.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
2. Click **Edit**.
2. In the navigation pane, select **Settings > Roles**.
3. Modify the details or the groups that are assigned to the role.
3. Select the role you'd like to edit.
4. Click **Save and close**.
4. Click **Edit**.
5. Modify the details or the groups that are assigned to the role.
6. Click **Save and close**.
## Delete roles
1. Select the role you'd like to delete.
1. Log in to [Microsoft Defender Security Center](https://securitycenter.windows.com/) using account with Security administrator or Global administrator role assigned.
2. Click the drop-down button and select **Delete role**.
2. In the navigation pane, select **Settings > Roles**.
3. Select the role you'd like to delete.
4. Click the drop-down button and select **Delete role**.
## Related topic