You can delegate to a user or group the permissions to manage specific Defender objects, including the permissions to view or modify any of the object properties and the permissions to create, delete, rename or move objects.
The available options are:
Control access rights are provided as an optional setting during the installation of the Defender Administration Console. Control access rights can be combined with the delegated administration privileges assigned to security groups or users.
The Defender control access rights act as an additional layer of administration security, allowing you to enable or disable the token-related buttons provided below the Tokens list on the Defender tab in the Properties dialog for a Defender user:
With control access rights, you can enable or disable the following buttons:
To assign control access rights to users
Do the following:
To remove control access rights from a group of users
Defender Management Shell, built on Microsoft Windows PowerShell technology, provides a command-line interface that enables automation of Defender administrative tasks. With the Defender Management Shell, administrators can perform token-related tasks such as assigning tokens to users, assigning PINs, or checking for expired tokens.
The Defender Management Shell command-line tools (cmdlets), like Windows PowerShell cmdlets, are designed to deal with objects—structured information that is more than just a string of characters appearing on the screen. The cmdlets do not use text as the basis for interaction with the system, but use an object model that is based on the Microsoft .NET platform. In contrast to traditional, text-based commands, the cmdlets do not require the use of text-processing tools to extract specific information. Rather, you can access required data directly by using standard Windows PowerShell object manipulation commands.
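The object-based handling described above, as an added example that is not taken from the Defender documentation: it runs standard Windows PowerShell object commands over constructed records that stand in for token objects. The property names (User, Serial, Type, Expires) and all values are assumptions made for illustration and are not Defender's actual object schema.

```powershell
# Constructed sample records standing in for token objects returned by a cmdlet.
# Property names and values are hypothetical, chosen only for this illustration.
$now = [datetime]'2024-06-01'
$tokens = @(
    [pscustomobject]@{ User = 'alice'; Serial = 'TKN0001'; Type = 'Software'; Expires = [datetime]'2024-03-15' }
    [pscustomobject]@{ User = 'alice'; Serial = 'TKN0002'; Type = 'Hardware'; Expires = [datetime]'2025-01-31' }
    [pscustomobject]@{ User = 'bob';   Serial = 'TKN0003'; Type = 'Hardware'; Expires = [datetime]'2024-06-20' }
    [pscustomobject]@{ User = 'carol'; Serial = 'TKN0004'; Type = 'Software'; Expires = [datetime]'2023-12-01' }
)

# Expires is a typed DateTime property, so the comparison is a real date
# comparison. No column splitting or date-string parsing is involved.
$expired = $tokens | Where-Object { $_.Expires -lt $now }

# Tokens that are still valid but expire within the next 30 days.
$cutoff = $now.AddDays(30)
$expiringSoon = $tokens | Where-Object { $_.Expires -ge $now -and $_.Expires -lt $cutoff }

# Build a review report: add a calculated DaysLeft property and sort on it.
# Negative values are tokens that have already expired.
$report = $tokens |
    Select-Object User, Serial, Type,
        @{ Name = 'DaysLeft'; Expression = { ($_.Expires - $now).Days } } |
    Sort-Object DaysLeft

# Count expired tokens per user, again by property rather than by text position.
$expiredPerUser = $expired | Group-Object -Property User |
    Select-Object @{ Name = 'User'; Expression = { $_.Name } }, Count

$report | Format-Table -AutoSize
$expiringSoon | Format-Table User, Serial, Expires -AutoSize
$expiredPerUser | Format-Table -AutoSize

# The same objects can be handed to other tooling without reformatting, for
# example as CSV text for an access review.
$report | ConvertTo-Csv -NoTypeInformation
```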
Before installing the Defender Management Shell feature, make sure your computer meets the system requirements described in the Defender Release Notes.
All cmdlets are presented in verb-noun pairs. The verb-noun pair is separated by a hyphen (-) without spaces, and the cmdlet nouns are always singular. The verb refers to the action that the cmdlet performs. The noun identifies the entity on which the action is performed. For example, in the Add-TokenToUser cmdlet name, the verb is Add and the noun is TokenToUser.
To install the Defender Management Shell
When stepping through the wizard, make sure to select the Defender Management Shell feature for installation. For more information about the wizard steps and options, see Defender Setup Wizard reference.