Forum Discussion
viniciuscarmo
Dec 08, 2021
Copper Contributor
Error creating instance of Defender for Identity
Hello guys, I need help.
I am creating an instance of Defender for Identity but receive the message: the instance was not created because there is already a security group with the same name as the Azure Active Directory
Any tips on how to solve it?
Thanks
- CCITD
Brass Contributor
Deleting the Azure ATP got me a bit further, but then I received the error:
Something went wrong.
MDI instance could not be created. DNS name already in use.
The solution was simple: wait a couple of hours and then refresh the page!
- Martin_Schvartzman
Microsoft
This can happen when your tenant was onboarded to MDI in the past, and the workspace was deleted (due to license expiration and retention expiration, or deleted manually through a support ticket).
The error message displayed in the portal contains a link to the instructions on what to do to fix the issue: https://go.microsoft.com/fwlink/?linkid=2246313
- aums8007
Copper Contributor
Several users have reported deleting the below three groups to resolve the error message. I had the same issue with my tenant; I fixed the problem by renaming the three groups instead of deleting and recreating them.
Azure ATP {instance name} Administrator
Azure ATP {instance name} Users
Azure ATP {instance name} Viewers
- Martin_Koe
Copper Contributor
Worked at my end.
- MrDavidFox
Brass Contributor
I know this is old but just in case anyone has the same problem:
There are 3 default security groups called
Azure ATP {instance name} Administrator
Azure ATP {instance name} Users
Azure ATP {instance name} Viewers
https://learn.microsoft.com/en-us/defender-for-identity/role-groups
These may be empty but need to be deleted for Defender for Identity to proceed.
- wstitmgr
Copper Contributor
Thank you VERY much for posting this!
- terryhugill
Brass Contributor
Thank you, that helped me out.
- jnitterauer
Copper Contributor
Microsoft's error messages should include the details like the name(s) of the groups that need to be deleted so people have clear (not nebulous) direction. Thanks for the clarification.
- wstitmgr
Copper Contributor
jnitterauer EVERYTHING Microsoft takes 10 times the effort it should. Not listing the names of the conflicting groups, forcing a delay-of-game while admins are forced to find this information is very much on brand for them.
- EliOfek
Microsoft
Delete the existing 3 security groups from AAD and try again.
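
The group cleanup described in the replies above, as an added example that is not part of any post in this thread: a Microsoft Graph PowerShell script that lists the leftover role groups for an instance with their member counts and, with `-Rename`, renames them as one reply describes. The instance name `contoso`, the `old-` prefix and the parameter names are assumptions.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph.Groups module.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$InstanceName = 'contoso',  # assumption: replace with your instance name
    [switch]$Rename,                    # without this switch the script only reports
    [string]$NewPrefix = 'old-'         # assumption: prefix given to renamed groups
)

# Read-only scope is enough for the report; renaming needs write access.
$scope = if ($Rename) { 'Group.ReadWrite.All' } else { 'Group.Read.All' }
Connect-MgGraph -Scopes $scope | Out-Null

$prefix  = "Azure ATP $InstanceName"
# The thread writes "Administrator"; the pattern accepts that and "Administrators".
$pattern = '^' + [regex]::Escape($prefix) + ' (Administrators?|Users|Viewers)$'
# Single quotes are doubled inside an OData string literal.
$filter  = "startswith(displayName,'$($prefix.Replace("'", "''"))')"

# Server-side prefix filter, then an exact client-side match on the three role names
# so that unrelated groups sharing the prefix are never touched.
$groups = @(Get-MgGroup -Filter $filter -All |
    Where-Object { $_.DisplayName -match $pattern })

if ($groups.Count -eq 0) {
    Write-Host "No role groups found for instance '$InstanceName'."
    return
}

foreach ($g in $groups) {
    # Member count shows whether access was ever granted through this group.
    $members = @(Get-MgGroupMember -GroupId $g.Id -All)
    [pscustomobject]@{
        DisplayName = $g.DisplayName
        Id          = $g.Id
        Members     = $members.Count
    }

    $newName = "$NewPrefix$($g.DisplayName)"
    if ($Rename -and $PSCmdlet.ShouldProcess($g.DisplayName, "Rename to '$newName'")) {
        Update-MgGroup -GroupId $g.Id -DisplayName $newName
    }
}
```

Running it with `-Rename -WhatIf` prints the planned renames without changing any group.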