Customer deleted the MDI default Entra ID groups "Azure ATP ..."

Question

Hi all,one of our customers accidentally deleted the MDI default groups in Entra ID.Unified RBAC is under discussion with the customer, but implementation will not be quick. Providing a Security Administrator is only a temporary solution and not a long-term one. We use these groups to access all details for MDI alerts. Without this access, sometimes we are unable to get the full picture of the alert.Simply recreating the Entra ID groups does not seem to work.&nbsp;Is there a way to get it working again without deleting the MDI workspace and recreating it?I can't believe that no one else has encountered this issue before, but I found nothing."&nbsp;thanks for helping

eliofek · Answer

SecNinja&nbsp;After recreating the groups in AAD, open a support case, and supply the new group names and AAD ID for each group.Support can set those id's in the backend instead of the ones that were auto created upon workspace creation.

somugg · Answer

EliOfek- I need to change or rename Sensor API URL from "ABCsensorapi.atp.azure.com" to "XYZsensorapi.atp.azure.com". Should I need to change/rename my MDI workspace name to achieve this? If so, Is it possible to rename MDI workspace name without data loss? Would you share MS article or detailed steps to rename MDI workspace and sensor API URL name?

Forum Discussion

Customer deleted the MDI default Entra ID groups "Azure ATP <workspace> ..."

2 Replies

Resources