AzRoleAdvertizer

last sync: 2025-Sep-02 17:22:46 UTC

Defender Unified RBAC Responder

Azure BuiltIn RBAC Role definition

NameDefender Unified RBAC Responder
Id1bacae94-6c0f-4d2d-8dfa-408d5a28e6ec
DescriptionDefender Unified RBAC Responder. This role is managed and assigned automatically by the Defender Unified RBAC system. Manual assignment of this role is not recommended, as the Defender Unified RBAC system may modify or remove it at any time based on system requirements.
CategoryNone
CreatedOn2025-08-29 14:38:33 UTC
UpdatedOn2025-08-29 14:38:33 UTC
Permissions summary Effective control plane and data plane operations: 952 (unique operations)
•action: 15
•delete: 4
•read: 924
•write: 9

Actions: 24
Resolved control plane operations from Actions: 957
Effective control plane operations: 952
•action: 15
•delete: 4
•read: 924
•write: 9

NotActions: 4
Resolved control plane operations from NotActions: 7
Effective denied control plane operations: 16115

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3725
Actions
Operation Description
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/readGets a saved search query.
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.SecurityInsights/*/readwildcarded / no description
Microsoft.SecurityInsights/automationRules/*wildcarded / no description
Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/actionUndoes an action
Microsoft.SecurityInsights/cases/*wildcarded / no description
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionCheck user authorization and license
Microsoft.SecurityInsights/entities/runPlaybook/actionRun playbook on entity
Microsoft.SecurityInsights/incidents/*wildcarded / no description
Microsoft.SecurityInsights/threatIntelligence/bulkTag/actionBulk Tags Threat Intelligence
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/actionAppend tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/actionAppend tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/indicators/query/actionQuery Threat Intelligence Indicators
Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/actionReplace Tags of Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/actionQuery Threat Intelligence Indicators
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/cases/*/Deletewildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
Microsoft.SecurityInsights/incidents/*/Deletewildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2025-08-29 17:22:35 add: Role 1bacae94-6c0f-4d2d-8dfa-408d5a28e6ec
JSON
api-version=2023-07-01-preview
Condition none