Controlling permissions within the Security and Compliance Center will only grant access to the features from this specific admin center. If you are required to assign permissions to other security and compliance features within other admin centers, you will need to access the relevant one to assign those permissions (for example, to assign the SharePoint Contributor role, you will need to access the SharePoint Admin Center).
You can find a full list of the default role groups that are accessible in the Security and Compliance Center, as well as the roles that are assigned to those groups by default at the following Microsoft docs link: https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide.
As you can see, there are a lot of role groups available within the Microsoft 365 Security and Compliance Center. You will not need to know each one for the exam; however, it is important to understand the main differences between the Reviewer, Reader, Operator, and Administrator level groups. In the next section of this chapter, we will do a lab exercise in which you will add a user as a member of a role group, both from within the Microsoft 365 Security and Compliance Center and by using PowerShell.
Providing users with access to the Security and Compliance Center
The following steps will guide you through how to give a user the relevant permissions to allow them access to the Security and Compliance Center. With this access, users will be able to configure and administer sensitivity labels. Before you start these steps, there is some information you need to be aware of:
- The account you are using for these steps needs to be a global admin or assigned to the OrganizationManagement role group within the Microsoft 365 Security and Compliance Center.
- Exchange Online and the Security and Compliance Center may have similar role group names, but they are not the same.
- Exchange Online and the Security and Compliance Center do not share role group membership.
- Delegated Access Permission (DAP) partners with Administer On Behalf Of (AOBO) permissions cannot access the Security and Compliance Center.
Now that you understand these points, we will walk through how to assign users to different role groups. The steps are as follows:
1. Navigate to the Permissions tab from within the Security and Compliance Center at https://protection.office.com:
Figure 5.3 – Permissions tab within the Security and Compliance Center
2. From the Compliance center list within the central pane, select the role group you want to edit, and then click Edit role group:
Figure 5.4 – Edit role group
3. Within the properties page, next to Members, click on Edit:
Figure 5.5 – Editing members of the role group
4. Click on Choose members, add the users you wish to be members, and then click Done followed by Save:
Figure 5.6 – Choosing members to add to the role group
The preceding screenshot shows how to select the option to choose members you wish to add to the role group. The following screenshot is what you will see once you have selected Choose members. As you can see, you have the option to click on Add and find the specific users you wish to assign to this specific role group:
Figure 5.7 – Searching for and adding members
You should now understand how to assign users to different role groups from within the Microsoft Security and Compliance Center. In the following section, we will complete the same task, but we will do this from PowerShell rather than the Admin Center.
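To confirm the change made in the steps above, the role group can be read back from Security & Compliance PowerShell and compared against the members you expect. This is an added example, not part of the original text; the admin account and the approved-member list are constructed placeholders, OrganizationManagement is used only as a sample role group, and matching on the member's `Name` property is an assumption.

```powershell
# Added example: audit one Security and Compliance Center role group.
# Requires the ExchangeOnlineManagement module. Values below are placeholders.
$AdminUpn      = 'admin@contoso.example'             # placeholder admin account
$RoleGroupName = 'OrganizationManagement'            # sample role group to audit
$Approved      = @('Alice Admin', 'Bob Compliance')  # constructed approved members

Import-Module ExchangeOnlineManagement

# Connect-IPPSSession targets Security & Compliance PowerShell, not Exchange
# Online, so the results reflect only the role groups of this admin center.
Connect-IPPSSession -UserPrincipalName $AdminUpn

try {
    $group = Get-RoleGroup -Identity $RoleGroupName -ErrorAction Stop
    $roles = ($group.Roles | ForEach-Object { [string]$_ }) -join ', '
    Write-Output "Role group: $($group.Name)"
    Write-Output "Roles     : $roles"

    # Wrap in @() so a single member or an empty group is still an array.
    $members = @(Get-RoleGroupMember -Identity $RoleGroupName -ErrorAction Stop)
    if ($members.Count -eq 0) {
        Write-Warning "Role group '$RoleGroupName' has no members."
    }

    $report = foreach ($m in $members) {
        [pscustomobject]@{
            Member   = $m.Name
            Type     = $m.RecipientType
            Approved = $Approved -contains $m.Name
        }
    }
    $report | Sort-Object Approved, Member | Format-Table -AutoSize

    # Members present but not approved: candidates for removal (least privilege).
    $unexpected = @($report | Where-Object { -not $_.Approved })
    # Approved names that are absent: the GUI change may not have been saved.
    $missing = @($Approved | Where-Object { $members.Name -notcontains $_ })

    if ($unexpected.Count -gt 0) {
        Write-Warning ("Unapproved members: " + ($unexpected.Member -join ', '))
    }
    if ($missing.Count -gt 0) {
        Write-Warning ("Approved but not present: " + ($missing -join ', '))
    }
}
finally {
    # Disconnect-ExchangeOnline also closes Security & Compliance sessions.
    Disconnect-ExchangeOnline -Confirm:$false
}
```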