Update RBAC for file downloads

Different RBAC roles are required for downloading PE vs non-PE files. Removed periods from bullet items as some had periods and some didn't.
JesseEsquivel 2020-09-03 14:27:15 -04:00 committed by GitHub
parent f20e9f9f20
commit b90e3392d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -60,21 +60,22 @@ The following steps guide you on how to create roles in Microsoft Defender Secur
- **Threat and vulnerability management - Exception handling** - Create new exceptions and manage active exceptions
- **Threat and vulnerability management - Remediation handling** - Submit new remediation requests, create tickets, and manage existing remediation activities
- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags.
- **Alerts investigation** - Manage alerts, initiate automated investigations, run scans, collect investigation packages, manage device tags, and download only portable executable (PE) files
- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups.
- **Manage portal system settings** - Configure storage settings, SIEM and threat intel API settings (applies globally), advanced settings, automated file uploads, roles and device groups
> [!NOTE]
> This setting is only available in the Microsoft Defender ATP administrator (default) role.
- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab.
- **Manage security settings in Security Center** - Configure alert suppression settings, manage folder exclusions for automation, onboard and offboard devices, and manage email notifications, manage evaluation lab
- **Live response capabilities**
- **Basic** commands:
- Start a live response session
- Perform read only live response commands on remote device (excluding file copy and execution
- **Advanced** commands:
- Download a file from the remote device
- Download a file from the remote device via live response
- Download PE and non-PE files from the file page
- Upload a file to the remote device
- View a script from the files library
- Execute a script on the remote device from the files library
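
Review bot: In the new **Alerts investigation** bullet, "download only portable executable (PE) files" does not say where the non-PE permission lives, while the new **Advanced** live response bullet "Download PE and non-PE files from the file page" covers both. Consider cross-referencing the two bullets so that an admin building least-privilege roles can see that non-PE downloads from the file page require the Advanced live response permission. Separately, the context line "Perform read only live response commands on remote device (excluding file copy and execution" is still missing its closing parenthesis, and the **Manage security settings in Security Center** bullet still reads "and manage email notifications, manage evaluation lab" with the "and" before the second-to-last item. Since this change is already normalizing the bullets, both could be fixed here.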