Forum Discussion

StuartH .'s avatar
StuartH .
Brass Contributor
Jul 24, 2023

MDI Roles/Permissions - where art thou now ?

It used to be simple. In ATP (now MDI), there used to be 3 groups used for administration/viewing (Azure ATP [workspace] Admin, Azure ATP [workspace] Users and Azure ATP [workspace] Viewers). Having...
StuartH .'s avatar
StuartH .
Brass Contributor
Jul 24, 2023

elieelkarkafi  of course, I can log a ticket and will, but it is possible that all of this new RBAC stuff related to MDI is not public ready/released yet for an Enterprise org that is running Defender. Is that a fair assessment ?

 

Question remains though - should the "older" Admin/User/Viewer ATP roles still work and be capable of being used ?  If so, then it is seemingly broken, and I would need a ticket for that too.

Or Tsemah's avatar
Or Tsemah
Former Employee
Jul 27, 2023

StuartH . 
Hi, the classic MDI roles still work but have many caveats when used, such as the need for additional permissions to view all identity related experiences, so the recommendations are to use the more granular M365 RBAC capabilities or global roles.

If you don't have the former available in your tenant, please send me your Tenant ID so i can check why it is not enabled.