Skip to content

Commit 12d9766

Browse files
poliveriapoliveria
authored
Merge pull request #5723 from MicrosoftDocs/poliveria-tib-mde
Update required permissions for Threat Intel Briefing Agent
2 parents 238e5d0 + 97dfd5f commit 12d9766

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

defender-xdr/security-copilot-agents-defender.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -96,7 +96,7 @@ The [Threat Intelligence Briefing Agent](threat-intel-briefing-agent-defender.md
9696
|---|---|
9797
| Identity | Requires connection to an existing user account or creation of a new agent identity |
9898
| License | [Defender EASM Standard](https://www.microsoft.com/security/pricing/microsoft-defender-external-attack-surface-management?msockid=2f55df1fd6fd61f12ba8ca23d7976094) |
99-
| Permissions | **Required permissions:**<ul><li>Vulnerability Management (read)<li>Security Reader</ul>**Optional permissions:**<ul><li>Exposure Management (read)</ul> |
99+
| Permissions | **Required permissions:**<ul><li>Microsoft Defender for Endpoint<li>Security Reader</ul>**Optional permissions:**<ul><li>Exposure Management (read)</ul> |
100100
| Products | [Security Copilot](/copilot/security/get-started-security-copilot) |
101101
| Plugins | The following plugins are required to run this agent:<ul><li>Microsoft Threat Intelligence<li>Microsoft Threat Intelligence agents</ul>The following plugin is optional but can add more context to the output:<ul><li>Microsoft Defender External Attack Surface Management</ul> |
102102
| Role-based access | The **Security Administrator** role is required to set up and manage the agent.<br><br>Users with the same permissions as the Threat Intelligence Briefing Agent can view the agent's activity and results. |

defender-xdr/threat-intel-briefing-agent-defender.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ The following plugin is optional but can add more context to the output:
7070
The user account connected to the agent or the created agent identity must have these permissions:
7171

7272
**Required permissions:**
73-
- **Vulnerability Management (read):** Access to Defender Vulnerability Management data
73+
- **Microsoft Defender for Endpoint:** Access to Defender Vulnerability Management data
7474
- **Security Reader:** Access to Threat Analytics and agent results
7575
- **Security Admin:** Access to agent onboarding and configuration
7676

0 commit comments

Comments
 (0)