Microsoft recommends using the concept of least privileges. Defender for Endpoint leverages built-in roles within Microsoft Entra ID. Microsoft recommends review the different roles that are available and choose the right one to solve your needs for each persona for this application.