Microsoft Defender XDR · Security Posture Management
Security Posture Manager
Manages vulnerability management, exposure management, and security posture across the organization. The single role for all posture-related activities.
Scope: Full vulnerability and exposure management lifecycle
Permissions
- Vulnerability management (read) - View software inventory, vulnerabilities, weaknesses, missing KBs
- Exception handling (manage) - Create and manage security recommendation exceptions
- Remediation handling (manage) - Create remediation tickets and manage remediation activities
- Application handling (manage) - Block/unblock vulnerable applications organization-wide
- Security baseline assessment (manage) - Create and manage security baseline profiles
- Exposure management (manage) - Manage exposure insights, Secure Score recommendations, and initiatives
Common use cases
- Vulnerability management team leads
- Security posture improvement program owners
- IT security teams coordinating remediation
- Risk management teams prioritizing vulnerabilities
- Secure Score optimization initiatives
Best practices
- Coordinate with IT operations for patching schedules
- Use exception handling sparingly with documented business justification
- Monitor application blocking impact before deployment
- Review security baselines regularly
- Track Secure Score trends over time
Security considerations
- Can create exceptions that bypass security recommendations
- Can block applications organization-wide affecting productivity
- Exception handling creates risk acceptance records for audit
- Should coordinate with change management processes
Common questions
When should I assign the Security Posture Manager role?
Assign Security Posture Manager when you need to: Vulnerability management team leads; Security posture improvement program owners; IT security teams coordinating remediation; Risk management teams prioritizing vulnerabilities; and Secure Score optimization initiatives. It is part of Microsoft Defender XDR and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Security Posture Manager role do?
The Security Posture Manager role grants permissions including: Vulnerability management (read) - View software inventory, vulnerabilities, weaknesses, missing KBs; Exception handling (manage) - Create and manage security recommendation exceptions; Remediation handling (manage) - Create remediation tickets and manage remediation activities; Application handling (manage) - Block/unblock vulnerable applications organization-wide; Security baseline assessment (manage) - Create and manage security baseline profiles; and Exposure management (manage) - Manage exposure insights, Secure Score recommendations, and initiatives. See the Permissions section above for the full list.
What are the security risks of the Security Posture Manager role?
Key considerations when assigning Security Posture Manager: Can create exceptions that bypass security recommendations; Can block applications organization-wide affecting productivity; Exception handling creates risk acceptance records for audit; and Should coordinate with change management processes. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.