AzRoleAdvertizer

last sync: 2025-Oct-31 18:22:44 UTC

Security Admin

Azure BuiltIn RBAC Role definition

NameSecurity Admin
Microsoft Learn
Idfb1c8493-542b-48eb-b624-b4c8fea62acd
DescriptionSecurity Admin Role
CategorySecurity
Microsoft Learn
CreatedOn2017-05-03 07:51:23 UTC
UpdatedOn2023-06-27 15:20:21 UTC
Permissions summary Effective control plane and data plane operations: 1263 (unique operations)
•: 1
•action: 88
•delete: 63
•read: 1032
•write: 79

Actions: 14
Resolved control plane operations from Actions: 1263
Effective control plane operations: 1263
•: 1
•action: 88
•delete: 63
•read: 1032
•write: 79

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 16170

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 4078
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/policyAssignments/*wildcarded / no description
Microsoft.Authorization/policyDefinitions/*wildcarded / no description
Microsoft.Authorization/policyExemptions/*wildcarded / no description
Microsoft.Authorization/policySetDefinitions/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.IoTFirmwareDefense/*wildcarded / no description
Microsoft.IoTSecurity/*wildcarded / no description
Microsoft.Management/managementGroups/readList management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/readwildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Security/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Policy DisplayName Policy Id Category State
[Deprecated]: Configure Azure Defender for container registries to be enabled d3d1e68e-49d4-4b56-acff-93cef644b432 Security Center Deprecated
[Deprecated]: Configure Azure Defender for DNS to be enabled 2370a3c1-4a25-4283-a91a-c9c1a145fb2f Security Center Deprecated
[Deprecated]: Configure Azure Defender for Kubernetes to be enabled 133047bf-1369-41e3-a3be-74a11ed1395a Security Center Deprecated
[Deprecated]: Configure Microsoft Defender for APIs should be enabled e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 Security Center Deprecated
[Deprecated]: Configure Microsoft Defender for Storage (Classic) to be enabled 74c30959-af11-47b3-9ed2-a26e03f427a3 Security Center Deprecated
[Deprecated]: Deploy Defender for Storage (Classic) on storage accounts 361c2074-3595-4e5d-8cab-4f21dffc835c Storage Deprecated
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center GA
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center GA
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center GA
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center GA
Configure Azure Defender for Servers to be disabled for all resources (resource level) f6ff485a-7630-4730-854d-cd3ad855435e Security Center - Granular Pricing GA
Configure Azure Defender for Servers to be disabled for resources (resource level) with the selected tag 080fedce-9d4a-4d07-abf0-9f036afbc9c8 Security Center - Granular Pricing GA
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center GA
Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level) with the selected tag 9e4879d9-c2a0-4e40-8017-1a5a5327c843 Security Center - Granular Pricing GA
Configure Azure Defender for Servers to be enabled (with 'P1' subplan) for all resources (resource level) 1b8c0040-b224-4ea1-be6a-47254dd5a207 Security Center - Granular Pricing GA
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center GA
Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) 17bc14a7-92e1-4551-8b8c-80f36953e166 Security Center GA
Configure machines to receive a vulnerability assessment provider 13ce0167-8ca6-4048-8e6b-f996402e3c1b Security Center GA
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center GA
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP) da56d295-2889-41ce-a4cd-6f50fb93aa68 Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP_EXCLUDE_LINUX...) f9e2bd2f-47c7-4059-8265-c5292aa62c8a Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP_UNIFIED_SOLUTION) 48666c5d-cec1-4043-ab6b-1be05abb24f2 Security Center GA
Configure Microsoft Defender for Key Vault plan 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center GA
Deploy - Configure suppression rules for Azure Security Center alerts 80e94a21-c6cd-4c95-a2c7-beb5704e61c0 Security Center GA
Deploy Advanced Threat Protection for Cosmos DB Accounts b5f04e03-92a3-4b09-9410-2cc5e5047656 Cosmos DB GA
Enable Microsoft Defender for Cloud on your subscription ac076320-ddcf-4066-b451-6154267e8ad2 Security Center GA
Enable threat protection for AI workloads 7e92882a-2f8a-4991-9bc4-d3147d40abb0 Security Center GA
Setup subscriptions to transition to an alternative vulnerability assessment solution 766e621d-ba95-4e43-a6f2-e945db3d7888 Security Center GA
History
Date/Time (UTC ymd) (i) Change Change detail
2023-06-28 17:49:18 change: Actions Actions: 'add Microsoft.IoTFirmwareDefense/*'
2021-11-15 17:00:51 change: NotActions NotActions: 'remove Microsoft.IoTSecurity/defenderSettings/write'
2021-08-12 19:47:01 change: NotActions NotActions: 'add Microsoft.IoTSecurity/defenderSettings/write'
2021-07-08 14:19:50 change: Actions Actions: 'add Microsoft.IoTSecurity/*'
JSON
api-version=2023-07-01-preview
Condition none