Forum Discussion

Chris Waterworth's avatar
Chris Waterworth
Copper Contributor
Aug 23, 2022

Defender for Identity - Required permissions

Hi, in the Microsoft docs for DFI https://docs.microsoft.com/en-us/defender-for-identity/role-groups#required-permissions-for-the-microsoft-365-defender-experience it calls out the following for perm...
aexlz's avatar
aexlz
Brass Contributor
Aug 28, 2022

Hi Martin_Schvartzman 

Security Administrator is not sufficient for creating the MDI Workspace. 

Since there are three groups created in the background when creating the MDI Workspace, you must be either Global Administrator or Security Administrator AND Group Administrator. 

I had opened a ticket at MS because of this issue. 

 

Or has anything changed here? 

 

 

 

Martin_Schvartzman's avatar
Martin_Schvartzman
Icon for Microsoft rankMicrosoft
Aug 29, 2022

aexlz 

Security Administrator should be enough. The groups are created by the 1st party 'Azure Advanced Threat Protection' application that gets registered in your tenant.

  • aexlz's avatar
    aexlz
    Brass Contributor
    Aug 30, 2022
    Then have you have to have the permission to register this application?
    However: Security Admin was not sufficient 2 months ago. But maybe something has changed in the meantime.

Resources