Plan for Change: New RBAC permissions for endpoint security policies

New RBAC permissions for endpoint security policies are being introduced, allowing more granularity. The ‘Security baselines’ permission will be updated to include only specific workloads, with others getting their own permissions. No immediate action is required as Intune will update permissions automatically. Stay tuned for release details.

Today, you can use the role-based access control (RBAC) built-in role ‘Endpoint Security Manager’ to manage policies and features within the Endpoint security node, or you can limit admin actions by using a custom role with the ‘Security baselines’ permission.

In an upcoming release, we will be adding new permissions for each endpoint security workload to allow for additional granularity. The ‘Security baselines’ permission previously included all security policies; it will now include only security workloads that do not have their own permission.

Stay tuned to What’s new in Intune for the release!

How this will affect your organization:

There is no change in functionality for the built-in role ‘Endpoint Security Manager’; you will see the additional new permissions listed in ‘Properties’.

If you are using custom roles with the ‘Security baselines’ permission, the new permissions will automatically be assigned to ensure your admins continue to have the same permissions they have today. As an example, if an admin has been assigned a custom role with the ‘Security baselines/Read’ permission, that role would include the new permissions, such as ‘Attack surface reduction/Read’. The ‘Security baselines/Read’ permission would still be applicable for viewing Security baselines, Firewall, Antivirus, and other security policies that do not have a designated permission. Note: All security workloads are expected to eventually have their own permission.

What you need to do to prepare:

No action is required as Intune will make a service-side update to assign the new permissions for admins with a ‘Security baselines’ permission as they become available. If you use these permissions and have documented guides on role-based access, you will want to make a note of these changes and update your administrative guidelines.

If you want to take advantage of the new permissions to add granularity to your roles, stay tuned to What’s new in Intune for the release.

Message ID: MC794811

