What permissions are required for each admin task in Defender for Endpoint

Written by John Gruber Published on Last Updated on

Your organization has a Microsoft 365 tenant with the following users.

UserA is a member of Group1
UserB is a member of Group2
UserC is a member of Group3

Your organization implements Microsoft Defender for Endpoint. Microsoft Defender for Endpoint is configured with the following roles.

Role Permissions chart

Microsoft Defender for Endpoints contains the following device groups.

Machine group access

Select Yes if the statement is true. Click No if the statement is false.

UserB can collect an investigation package from Device2.

UserA can start an antivirus scan on Device1.

UserC can isolate Device1.

Click to show answer

The Alerts investigation permission grants the user the ability to run anti-virus scans. UserA has alerts investigation so UserA can run anti-virus scans.

The Alerts investigation permission grants the user the ability to collect an investigation package. UserB does not have the alerts investigation permission so UserB cannot collect an investigation package.

The Active remediation actions permission grants the user the ability to isolate a device. UserC has Active remediation actions so User3 can isolate Device1

https://www.gitbit.org/course/ms-500/learn/Protecting-Windows-10-and-other-devices-with-Microsoft-Defender-for-Endpoint-z0qPG6v4T

< Previous Next > Skip Exam >>