decoded365
← All changes
NewMicrosoft Intune

Microsoft Intune: Additional granular RBAC controls to manage Antivirus, Firewall, BitLocker, and Endpoint Detection and Response endpoint security workloads

Microsoft Intune is introducing separate RBAC permissions for individual endpoint security workloads (Antivirus, Firewall, BitLocker, EDR), replacing the previous consolidated 'Security baselines' permission. Admins must reconfigure role-based access control to maintain appropriate security policy management permissions.

Action required: Review and update RBAC role assignments to use new granular permissions for Antivirus, Firewall, BitLocker, and EDR workloads instead of relying on the 'Security baselines' permission.

Key dates

  • preview (Feature in development; no general availability date announced)

Microsoft's description

Expanded granular RBAC controls to manage Endpoint Security workloads. The ‘Security baselines’ permission previously included all security policies and now all security workloads have their own permission set

View on Microsoft roadmap →