Role Information
Details and metadata
d5a2ae44-610b-4500-93be-660a0c5f5ca6
Change History
Track all modifications to this role
Updated On
Event Type
Summary & Details
2025-09-16 15:14:52
Initial Scan
Show full JSON
{
"properties": {
"roleName": "Defender Kubernetes API Access",
"type": "BuiltInRole",
"description": "Grants Microsoft Defender for Cloud access to Azure Kubernetes Services",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/write",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/delete",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Security/pricings/securityoperators/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-01-13T13:11:10.766Z",
"updatedOn": "2025-09-16T15:14:52.604Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "d5a2ae44-610b-4500-93be-660a0c5f5ca6"
}
2025-09-16 15:14:52
Initial Scan
View details
{
"properties": {
"roleName": "Defender Kubernetes API Access",
"type": "BuiltInRole",
"description": "Grants Microsoft Defender for Cloud access to Azure Kubernetes Services",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/write",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/delete",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Security/pricings/securityoperators/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-01-13T13:11:10.766Z",
"updatedOn": "2025-09-16T15:14:52.604Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "d5a2ae44-610b-4500-93be-660a0c5f5ca6"
}
Latest Role JSON
Raw definition from Azure
{
"properties": {
"roleName": "Defender Kubernetes API Access",
"type": "BuiltInRole",
"description": "Grants Microsoft Defender for Cloud access to Azure Kubernetes Services",
"assignableScopes": [
"/"
],
"permissions": [
{
"actions": [
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/write",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read",
"Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/delete",
"Microsoft.ContainerService/managedClusters/read",
"Microsoft.Features/features/read",
"Microsoft.Features/providers/features/read",
"Microsoft.Features/providers/features/register/action",
"Microsoft.Security/pricings/securityoperators/read"
],
"notActions": [],
"dataActions": [],
"notDataActions": []
}
],
"createdOn": "2023-01-13T13:11:10.766Z",
"updatedOn": "2025-09-16T15:14:52.604Z",
"createdBy": null,
"updatedBy": null
},
"id": "/providers/Microsoft.Authorization/roleDefinitions/d5a2ae44-610b-4500-93be-660a0c5f5ca6",
"type": "Microsoft.Authorization/roleDefinitions",
"name": "d5a2ae44-610b-4500-93be-660a0c5f5ca6"
}
Effective Permissions
Operations granted by this role (8 total)
Control Plane Operations (8)
No matching operations
/ shown
Data Plane Operations (0)
No data plane operations granted