What Permissions required for Managing Tags?
Recently, In one of my customer conversation across Microsoft Defender for Endpoint (MDE), Interestingly they asked me few questions…
- Vijay, What role is required for the following actions: (a) Managing (crud) Manual Tags across all devices & (b) Managing (crud) Rule-based Tags that impact all devices
- Is there a way to add explicit permissions for tag management
With a screenshot to share more clarity on the above question’s…
When I looked back at the traditional RBAC for MDE, their I see “manage device tags” embedded within the Alerts investigation permission. I don’t see anything finer-grained in terms of manual vs. rule-based tags — my assumption is that this permission should be covering both.
To Further explore, I visited few of the sites to get more deeper understanding on the customer queries