Azure AD Identity Protection Alerts and Incidents Integration in Microsoft 365 Defender Portal

Hi team,

Today, I would like to discuss Azure AD Identity protection alerts and incidents and how they appear within the Microsoft 365 Defender portal. Currently, we have a setting for this under Settings - Microsoft 365 Defender - Alert service settings.

 https://imgur.com/a/KzxFmDf 

Let's assume that a few alerts are generated from the Azure AD Identity protection service, and all of them are listed in the Microsoft 365 Defender portal. My question is, can we solve this without assigning the analysts an Azure AD role? For example, the Security operator role, which is part of Azure AD roles, can see all of those alerts and incidents. Is there any way to handle this through unified role-based access control and custom roles? Currently, we only have an Azure AD Premium P2 license, so we cannot activate the "Identity" workload, and thus we cannot see it.

https://imgur.com/a/kuPxcRF 

Are my hands tied? Do I have to assign an Azure AD role to our analysts solely for them to view the alerts and incidents based on Azure AD IP? Is there an alternative solution available? I'm also curious why the "Identity" workload is missing, considering we have an Azure AD Premium P2 license. Is this workload exclusive to EMS E5?

Looking forward to your insights and solutions.

Thank you, Matej