---
title: Security Reader
description: Security Reader
ms.topic: include
ms.date: 01/26/2026
ms.custom: include file
---

This is a privileged role. Users with this role have global read-only access to security-related features, including all information in the Microsoft 365 Defender portal, Microsoft Entra ID Protection, Privileged Identity Management, and the Microsoft Purview portal, as well as the ability to read Microsoft Entra sign-in reports and audit logs. For more information about Office 365 permissions, see Roles and role groups in Microsoft Defender for Office 365 and Microsoft Purview compliance.

| In | Can do |
| --- | --- |
| Microsoft 365 Defender portal | View security-related policies across Microsoft 365 services<br>View security threats and alerts<br>View reports |
| Microsoft Entra ID Protection | View all ID Protection reports and Overview |
| Privileged Identity Management | Has read-only access to all information surfaced in Microsoft Entra Privileged Identity Management: Policies and reports for Microsoft Entra role assignments and security reviews.<br>Cannot sign up for Microsoft Entra Privileged Identity Management or make any changes to it. In the Privileged Identity Management portal or via PowerShell, someone in this role can activate additional roles (for example, Privileged Role Administrator), if the user is eligible for them. |
| Microsoft Purview portal | View security policies<br>View and investigate security threats<br>View reports |
| Microsoft Defender for Endpoint | View and investigate alerts<br>When you turn on role-based access control in Microsoft Defender for Endpoint, users with read-only permissions such as the Security Reader role lose access until they're assigned a Microsoft Defender for Endpoint role. |
| Intune | Views user, device, enrollment, configuration, and application information. Cannot make changes to Intune. |
| Microsoft Defender for Cloud Apps | Has read permissions. |
| Microsoft 365 service health | View the health of Microsoft 365 services |

> [!div class="mx-tableFixed"]
> | Actions | Description |
> | --- | --- |
> | microsoft.azure.serviceHealth/allEntities/allTasks | Read and configure Azure Service Health |
> | microsoft.directory/accessReviews/definitions/allProperties/read | Read all properties of access reviews of all reviewable resources in Microsoft Entra ID |
> | microsoft.directory/auditLogs/allProperties/read | Read all properties on audit logs, excluding custom security attributes audit logs |
> | microsoft.directory/authorizationPolicy/standard/read | Read standard properties of authorization policy |
> | microsoft.directory/bitlockerKeys/key/read | Read BitLocker metadata and key on devices (Privileged) |
> | microsoft.directory/conditionalAccessPolicies/owners/read | Read the owners of Conditional Access policies |
> | microsoft.directory/conditionalAccessPolicies/policyAppliedTo/read | Read the "applied to" property for Conditional Access policies |
> | microsoft.directory/conditionalAccessPolicies/standard/read | Read Conditional Access for policies |
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationIdentitySynchronization/standard/read | Read basic properties of cross tenant sync policy templates for multi-tenant organization |
> | microsoft.directory/crossTenantAccessPolicy/partners/templates/multiTenantOrganizationPartnerConfiguration/standard/read | Read basic properties of cross tenant access policy templates for multi-tenant organization |
> | microsoft.directory/deviceLocalCredentials/standard/read | Read all properties of the backed up local administrator account credentials for Microsoft Entra joined devices, except the password |
> | microsoft.directory/domains/federationConfiguration/standard/read | Read standard properties of federation configuration for domains |
> | microsoft.directory/entitlementManagement/allProperties/read | Read all properties in Microsoft Entra entitlement management |
> | microsoft.directory/identityProtection/allProperties/read | Read all resources in Microsoft Entra ID Protection |
> | microsoft.directory/multiTenantOrganization/joinRequest/standard/read | Read properties of a multi-tenant organization join request |
> | microsoft.directory/multiTenantOrganization/standard/read | Read basic properties of a multi-tenant organization |
> | microsoft.directory/multiTenantOrganization/tenants/organizationDetails/read | Read organization details of a tenant participating in a multi-tenant organization |
> | microsoft.directory/multiTenantOrganization/tenants/standard/read | Read basic properties of a tenant participating in a multi-tenant organization |
> | microsoft.directory/namedLocations/standard/read | Read basic properties of custom rules that define network locations |
> | microsoft.directory/policies/owners/read | Read owners of policies |
> | microsoft.directory/policies/policyAppliedTo/read | Read policies.policyAppliedTo property |
> | microsoft.directory/policies/standard/read | Read basic properties on policies |
> | microsoft.directory/privilegedIdentityManagement/allProperties/read | Read all resources in Privileged Identity Management |
> | microsoft.directory/provisioningLogs/allProperties/read | Read all properties of provisioning logs |
> | microsoft.directory/signInReports/allProperties/read | Read all properties on sign-in reports, including privileged properties |
> | microsoft.networkAccess/allEntities/allProperties/read | Read all aspects of Microsoft Entra Network Access |
> | microsoft.office365.protectionCenter/allEntities/standard/read | Read standard properties of all resources in the Security and Compliance centers |
> | microsoft.office365.protectionCenter/attackSimulator/payload/allProperties/read | Read all properties of attack payloads in Attack Simulator |
> | microsoft.office365.protectionCenter/attackSimulator/reports/allProperties/read | Read reports of attack simulation, responses, and associated training |
> | microsoft.office365.protectionCenter/attackSimulator/simulation/allProperties/read | Read all properties of attack simulation templates in Attack Simulator |
> | microsoft.office365.serviceHealth/allEntities/allTasks | Read and configure Service Health in the Microsoft 365 admin center |
> | microsoft.office365.webPortal/allEntities/standard/read | Read basic properties on all resources in the Microsoft 365 admin center |