AzRoleAdvertizer

last sync: 2025-Jul-24 17:34:09 UTC

Security Admin

Azure BuiltIn RBAC Role definition

NameSecurity Admin
Microsoft Learn
Idfb1c8493-542b-48eb-b624-b4c8fea62acd
DescriptionSecurity Admin Role
CategorySecurity
Microsoft Learn
CreatedOn2017-05-03 07:51:23 UTC
UpdatedOn2023-06-27 15:20:21 UTC
Permissions summary Effective control plane and data plane operations: 1233 (unique operations)
•action: 86
•delete: 61
•read: 1008
•write: 78

Actions: 14
Resolved control plane operations from Actions: 1233
Effective control plane operations: 1233
•action: 86
•delete: 61
•read: 1008
•write: 78

NotActions: 0
Resolved control plane operations from NotActions: 0
Effective denied control plane operations: 15652

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3579
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Authorization/policyAssignments/*wildcarded / no description
Microsoft.Authorization/policyDefinitions/*wildcarded / no description
Microsoft.Authorization/policyExemptions/*wildcarded / no description
Microsoft.Authorization/policySetDefinitions/*wildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.IoTFirmwareDefense/*wildcarded / no description
Microsoft.IoTSecurity/*wildcarded / no description
Microsoft.Management/managementGroups/readList management groups for the authenticated user.
Microsoft.operationalInsights/workspaces/*/readwildcarded / no description
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.Security/*wildcarded / no description
Microsoft.Support/*wildcarded / no description
NotActions n/a
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy
Rows: 1-10 / 29
Records:
Use the filters above each column to filter and limit table data. Advanced searches can be performed by using the following operators:
<, <=, >, >=, =, *, !, {, }, ||,&&, [empty], [nonempty], rgx:
Learn more

TableFilter v0.7.3

https://www.tablefilter.com/
©2015-2025 Max Guglielmi
?
Page of 3
Policy DisplayName Policy Id Category State
[Deprecated]: Configure Azure Defender for container registries to be enabled d3d1e68e-49d4-4b56-acff-93cef644b432 Security Center Deprecated
[Deprecated]: Configure Azure Defender for DNS to be enabled 2370a3c1-4a25-4283-a91a-c9c1a145fb2f Security Center Deprecated
[Deprecated]: Configure Azure Defender for Kubernetes to be enabled 133047bf-1369-41e3-a3be-74a11ed1395a Security Center Deprecated
[Deprecated]: Configure Microsoft Defender for APIs should be enabled e54d2be9-5f2e-4d65-98e4-4f0e670b23d6 Security Center Deprecated
[Deprecated]: Configure Microsoft Defender for Storage (Classic) to be enabled 74c30959-af11-47b3-9ed2-a26e03f427a3 Security Center Deprecated
[Deprecated]: Deploy Defender for Storage (Classic) on storage accounts 361c2074-3595-4e5d-8cab-4f21dffc835c Storage Deprecated
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center GA
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center GA
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center GA
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center GA
Configure Azure Defender for Servers to be disabled for all resources (resource level) f6ff485a-7630-4730-854d-cd3ad855435e Security Center - Granular Pricing GA
Configure Azure Defender for Servers to be disabled for resources (resource level) with the selected tag 080fedce-9d4a-4d07-abf0-9f036afbc9c8 Security Center - Granular Pricing GA
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center GA
Configure Azure Defender for Servers to be enabled ('P1' subplan) for all resources (resource level) with the selected tag 9e4879d9-c2a0-4e40-8017-1a5a5327c843 Security Center - Granular Pricing GA
Configure Azure Defender for Servers to be enabled (with 'P1' subplan) for all resources (resource level) 1b8c0040-b224-4ea1-be6a-47254dd5a207 Security Center - Granular Pricing GA
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center GA
Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) 17bc14a7-92e1-4551-8b8c-80f36953e166 Security Center GA
Configure machines to receive a vulnerability assessment provider 13ce0167-8ca6-4048-8e6b-f996402e3c1b Security Center GA
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center GA
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP) da56d295-2889-41ce-a4cd-6f50fb93aa68 Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP_EXCLUDE_LINUX...) f9e2bd2f-47c7-4059-8265-c5292aa62c8a Security Center GA
Configure Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud (WDATP_UNIFIED_SOLUTION) 48666c5d-cec1-4043-ab6b-1be05abb24f2 Security Center GA
Configure Microsoft Defender for Key Vault plan 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center GA
Deploy - Configure suppression rules for Azure Security Center alerts 80e94a21-c6cd-4c95-a2c7-beb5704e61c0 Security Center GA
Deploy Advanced Threat Protection for Cosmos DB Accounts b5f04e03-92a3-4b09-9410-2cc5e5047656 Cosmos DB GA
Enable Microsoft Defender for Cloud on your subscription ac076320-ddcf-4066-b451-6154267e8ad2 Security Center GA
Enable threat protection for AI workloads 7e92882a-2f8a-4991-9bc4-d3147d40abb0 Security Center GA
Setup subscriptions to transition to an alternative vulnerability assessment solution 766e621d-ba95-4e43-a6f2-e945db3d7888 Security Center GA
History
Date/Time (UTC ymd) (i) Change Change detail
2023-06-28 17:49:18 change: Actions Actions: 'add Microsoft.IoTFirmwareDefense/*'
2021-11-15 17:00:51 change: NotActions NotActions: 'remove Microsoft.IoTSecurity/defenderSettings/write'
2021-08-12 19:47:01 change: NotActions NotActions: 'add Microsoft.IoTSecurity/defenderSettings/write'
2021-07-08 14:19:50 change: Actions Actions: 'add Microsoft.IoTSecurity/*'
JSON
api-version=2023-07-01-preview
 
{9 items
  • roleName: "Security Admin",
  • type: "BuiltInRole",
  • description: "Security Admin Role",
  • assignableScopes: [1 item
    • "/"
    ],
  • permissions: [1 item
    • {4 items
      • actions: [14 items
        • "Microsoft.Authorization/*/read",
        • "Microsoft.Authorization/policyAssignments/*",
        • "Microsoft.Authorization/policyDefinitions/*",
        • "Microsoft.Authorization/policyExemptions/*",
        • "Microsoft.Authorization/policySetDefinitions/*",
        • "Microsoft.Insights/alertRules/*",
        • "Microsoft.Management/managementGroups/read",
        • "Microsoft.operationalInsights/workspaces/*/read",
        • "Microsoft.Resources/deployments/*",
        • "Microsoft.Resources/subscriptions/resourceGroups/read",
        • "Microsoft.Security/*",
        • "Microsoft.IoTSecurity/*",
        • "Microsoft.IoTFirmwareDefense/*",
        • "Microsoft.Support/*"
        ],
      • notActions: [],
      • dataActions: [],
      • notDataActions: []
      }
    ],
  • createdOn: "2017-05-03T07:51:23.0917487Z",
  • updatedOn: "2023-06-27T15:20:21.4401023Z",
  • createdBy: null,
  • updatedBy: null
}
Condition none