From 7427edaa5afa39e0df736085057c0a72cdd5a58c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 13 Jul 2016 17:03:43 +1000 Subject: [PATCH] add topic in TOC assign user access --- windows/keep-secure/TOC.md | 1 + ...ows-defender-advanced-threat-protection.md | 36 +++++++++++++++++++ 2 files changed, 37 insertions(+) create mode 100644 windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 504f41304c..6d463f47d2 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -679,6 +679,7 @@ ### [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) #### [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) #### [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) +#### [Assign user access to the portal](assign-portal-access-windows-defender-advanced-threat-protection.md) #### [Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) ##### [Configure endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) ##### [Configure proxy and Internet settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..9291c2ab1b --- /dev/null +++ b/windows/keep-secure/assign-portal-access-windows-defender-advanced-threat-protection.md @@ -0,0 +1,36 @@ +--- +title: Assign user access to the Windows Defender Advanced Threat Protection portal +description: Assign read and write or read only access to the Windows Defender Advanced Threat Protection portal. +keywords: assign user roles, assign read and write access, assign read only access, user, user roles, roles +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +--- + +# Assign user access to the Windows Defender ATP portal +**Applies to:** + +- Windows 10, version 1607 +- Azure Active Directory +- Office 365 +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +Windows Defender ATP users and access permissions are managed in Azure Active Directory (AAD). User can be assigned one of the following levels of permissions: +- Full access (Read and Write) +- Read only access + +**Full access** +Users with full access can log in, view all system information as well as resolve alerts, submit files for deep analysis, and download the onboarding package. +Assigning full access rights requires adding the users to the “Security Administrator” or “Global Administrator” AAD built-in roles. + +**Read only access** +Users with read only access can log in, view all alerts, and related information. +They will not be able to change alert states, submit files for deep analysis or perform any state changing operations. +Assigning read only access rights requires adding the users to the “Security Reader” AAD built-in role. + +Your administrator can assign roles using the Office 365 portal, or in the Azure classic portal, or by using the AAD module for Windows PowerShell. +For more information, see [Assigning admin roles in Office 365](https://support.office.com/en-us/article/Assigning-admin-roles-in-Office-365-eac4d046-1afd-4f1a-85fc-8219c79e1504?ui=en-US&rs=en-US&ad=US) and [Assigning administrator roles in Azure Active Directory](https://azure.microsoft.com/en-us/documentation/articles/active-directory-assign-admin-roles/). +