Task 03: Assign permissions for custom detection rules

This task is a prerequisite for creating custom detection rules.

1. Open a new browser tab, go to MS Defender, and sign in.

2. In the Defender portal’s leftmost pane, go to System > Permissions.

3. Select Microsoft Defender XDR > Roles.

4. Select Create custom role.

   

5. Name the role +++Custom Detection Rule Creator+++, then select Next.

   

6. Under Choose permissions, select Authorization and settings.

7. In the flyout, select Select custom permissions.

8. Under Security settings, select Select custom permissions > Core security settings (manage) > Apply.

   

   

9. Under Choose permissions, select Security operations.

   Notice this automatically added Security data basics (Read).

   

10. Close the flyout.

11. Select Next to move to the Assignments step.

12. Select Create assignment.

13. In the flyout pane, under Assignment name, enter +++CustomDetectionRule+++.

14. Under Employees, select any other username in your tenant other than your username. If you don’t have any other users, enter your Azure username.

15. Leave the defaults for Data and scope, then select Add at the bottom of the pane.

    

16. Back on the Assignments step, select Next, then select Submit.

    

17. Select Done once the role’s been created.

18. Confirm the new role appears in the table.

    

Permissions may take 10-15 minutes to take effect.