As per announcement: New roles for managing access to XDR features changes were made to Security Administrators screen.
All EPP users in the system as of June 30, 2025, were automatically granted access to XDR features to maintain backward compatibility. New EPP users created after this date must have their XDR access explicitly assigned with one of the new XDR roles:
- Broad Context Detections
- Response
- Execute responses or
- List Responses or
- No access
- Event Search
Elements IAM Admin is the only role authorized to grant or revoke XDR access.