Summary
Details
Updated June 2, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
We’re improving the security and consistency of permissions management in Microsoft Defender for Office 365. Starting end of June 2026, all newly created Microsoft Defender for Office 365 Plan 2 tenants will use the Defender XDR Unified role-based access control (Unified RBAC) model by default. This change streamlines role management and provides more granular, centralized access controls across security workloads. Existing tenants prior to this date are not affected.
[When this will happen]
- Public Preview: End of June 2026 (previously late May) – mid-July 2026 (previously mid‑June)
- General Availability: End of June 2026 (previously late May) – mid-July 2026 (previously mid‑June)
[How this affects your organization]
Who is affected
- Administrators managing new Microsoft Defender for Office 365 Plan 2 tenants
- Tenants that receive Plan 2 (or equivalent) licensing after end of June 2026
- Existing tenants are not affected
What will happen
- Unified RBAC will be enabled by default for all newly created Microsoft Defender for Office 365 Plan 2 tenants.
- Administrators will use Unified RBAC roles alongside Microsoft Entra roles to manage access in the Microsoft Defender portal.
- Existing tenants keep their current permission model without changes or required action.
- There is no user impact.
- Existing tenants may optionally adopt Unified RBAC at any time to benefit from improved permission granularity and centralized permission management.
[What you can do to prepare]
For organizations creating new tenants or assigning Plan 2 licenses after end of June 2026:
- Review available Unified RBAC roles to ensure permissions align with your security and IT operational requirements.
- Update internal deployment and onboarding documentation for teams responsible for new tenant provisioning.
- Familiarize administrators with Unified RBAC role management in the Microsoft Defender portal.
- Share the following resources with security and IT teams:
No action is required for existing tenants unless you choose to adopt Unified RBAC.
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.
Change History
[Introduction]
We’re improving the security and consistency of permissions management in Microsoft Defender for Office 365. Starting May 30, 2026, all newly created Microsoft Defender for Office 365 Plan 2 tenants will use the Defender XDR Unified role-based access control (Unified RBAC) model by default. This change streamlines role management and provides more granular, centralized access controls across security workloads. Existing tenants prior to this date are not affected.
[When this will happen]
- Public Preview: Late May 2026 – mid‑June 2026
- General Availability: Late May 2026 – mid‑June 2026
[How this affects your organization]
Who is affected
- Administrators managing new Microsoft Defender for Office 365 Plan 2 tenants
- Tenants that receive Plan 2 (or equivalent) licensing after May 30, 2026
- Existing tenants are not affected
What will happen
- Unified RBAC will be enabled by default for all newly created Microsoft Defender for Office 365 Plan 2 tenants.
- Administrators will use Unified RBAC roles alongside Microsoft Entra roles to manage access in the Microsoft Defender portal.
- Existing tenants keep their current permission model without changes or required action.
- There is no user impact.
- Existing tenants may optionally adopt Unified RBAC at any time to benefit from improved permission granularity and centralized permission management.
[What you can do to prepare]
For organizations creating new tenants or assigning Plan 2 licenses after May 30, 2026:
- Review available Unified RBAC roles to ensure permissions align with your security and IT operational requirements.
- Update internal deployment and onboarding documentation for teams responsible for new tenant provisioning.
- Familiarize administrators with Unified RBAC role management in the Microsoft Defender portal.
- Share the following resources with security and IT teams:
No action is required for existing tenants unless you choose to adopt Unified RBAC.
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.
Updated June 2, 2026: We have updated the timeline. Thank you for your patience.
[Introduction]
We’re improving the security and consistency of permissions management in Microsoft Defender for Office 365. Starting end of June 2026, all newly created Microsoft Defender for Office 365 Plan 2 tenants will use the Defender XDR Unified role-based access control (Unified RBAC) model by default. This change streamlines role management and provides more granular, centralized access controls across security workloads. Existing tenants prior to this date are not affected.
[When this will happen]
- Public Preview: End of June 2026 (previously late May) – mid-July 2026 (previously mid‑June)
- General Availability: End of June 2026 (previously late May) – mid-July 2026 (previously mid‑June)
[How this affects your organization]
Who is affected
- Administrators managing new Microsoft Defender for Office 365 Plan 2 tenants
- Tenants that receive Plan 2 (or equivalent) licensing after end of June 2026
- Existing tenants are not affected
What will happen
- Unified RBAC will be enabled by default for all newly created Microsoft Defender for Office 365 Plan 2 tenants.
- Administrators will use Unified RBAC roles alongside Microsoft Entra roles to manage access in the Microsoft Defender portal.
- Existing tenants keep their current permission model without changes or required action.
- There is no user impact.
- Existing tenants may optionally adopt Unified RBAC at any time to benefit from improved permission granularity and centralized permission management.
[What you can do to prepare]
For organizations creating new tenants or assigning Plan 2 licenses after end of June 2026:
- Review available Unified RBAC roles to ensure permissions align with your security and IT operational requirements.
- Update internal deployment and onboarding documentation for teams responsible for new tenant provisioning.
- Familiarize administrators with Unified RBAC role management in the Microsoft Defender portal.
- Share the following resources with security and IT teams:
No action is required for existing tenants unless you choose to adopt Unified RBAC.
[Compliance considerations]
No compliance considerations identified. Review as appropriate for your organization.
Never Miss a Microsoft 365 Update
Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.