TaurusTec
Brass Contributor
Nov 03, 2022

B2B user with Security Admin cannot access Defender for Office 365 threat policies

To work on Microsoft 365 Defender we have set up MSSP access as defined in https://cloudpartners.transform.microsoft.com/download?assetname=assets%2FAzure-Sentinel-Technical-Playbook-for-MSSPs.pdf&download=1. Now we noticed that with the guest users, who have activated the Security Admin role via the access packages and PIM, we can't access the Threat Policies within the Microsoft 365 Defender tenant. We tested it on our lab tenant, and there the behaviour is the same, but for member users the issue does not arise. Is this expected behavior? If so, is there another way that we can manage our client's threat policies without creating member users in their tenant?

Is the limited support for guest users documented anywhere by Microsoft? It is stated in the docs that sec admin has these permissions, but there is no mention anywhere that this would be limited for guest users.

If anyone has more info on this issue, or even a better way of working, sharing it would be greatly appreciated.
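
As an added audit example (not from this thread, and not an answer to the portal behaviour the question is about), the following Microsoft Graph PowerShell script lists every guest (B2B) user who currently holds the Security Administrator role in a tenant, whether directly or through a group. It assumes the Microsoft.Graph PowerShell SDK is installed and that the signed-in account can read users, group memberships and directory role assignments; the cmdlets and scopes used are the SDK's own, everything else is a constructed example.

```powershell
# Added example: report guest users holding Security Administrator.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph modules) is installed.
Connect-MgGraph -Scopes "User.Read.All","GroupMember.Read.All","RoleManagement.Read.Directory" -NoWelcome

# Resolve the role definition client-side by display name rather than hard-coding a template id.
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -All |
    Where-Object { $_.DisplayName -eq 'Security Administrator' }

# Active assignments of that role, keyed by principal id.
# A PIM eligibility that has not been activated is not listed; an activated one appears while active.
$principalIds = @{}
Get-MgRoleManagementDirectoryRoleAssignment -All -Filter "roleDefinitionId eq '$($roleDef.Id)'" |
    ForEach-Object { $principalIds[$_.PrincipalId] = $_.DirectoryScopeId }

# Every guest (B2B) user in the tenant.
$guests = Get-MgUser -All -Filter "userType eq 'Guest'" -Property Id,UserPrincipalName,DisplayName,UserType

$report = foreach ($g in $guests) {
    # The role may be assigned to a role-assignable group the guest belongs to (e.g. via an
    # access package), so check the guest's own id plus every group it is a transitive member of.
    $ids = @($g.Id) + @(Get-MgUserTransitiveMemberOf -UserId $g.Id -All | ForEach-Object { $_.Id })
    $hit = $ids | Where-Object { $principalIds.ContainsKey($_) } | Select-Object -First 1
    if ($hit) {
        [pscustomobject]@{
            UserPrincipalName = $g.UserPrincipalName
            DisplayName       = $g.DisplayName
            UserType          = $g.UserType
            AssignedVia       = if ($hit -eq $g.Id) { 'Direct' } else { "Group $hit" }
            Scope             = $principalIds[$hit]   # '/' means tenant-wide
        }
    }
}
$report | Format-Table -AutoSize
```

The output shows which guests hold the role and how they got it, which is useful both for confirming that the access package and PIM flow actually produced an active assignment and for a customer auditing which external accounts are privileged in their tenant. It does not tell you whether the Defender portal honours that assignment for a guest; that is the open question in the thread.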

      TaurusTec
      Brass Contributor

      Philost, yes, we figured that workaround out as well, but for us it's a no-go. Being a member type user gives you access to all the customers' internal resources, i.e. SharePoint. This is a privacy issue and makes this workaround off limits for us as an MSSP. We looked into locking down access via conditional access policies, but it's unmanageable.

      We have a ticket running with Microsoft support on this issue, if a real solution comes from it, I'll update here.

      •
        Philost
        Brass Contributor

        Yeah, it works in our use case as we are multiple tenancies but the same organisation.

        As you will already be aware, the root cause is the way Exchange Online Protection still relies on Exchange PowerShell and legacy Exchange Online permissions structure in general. An area/product group with whom it seems progress is challenging. I dare say lots of complexity. Doesn’t help the pure MSSP use case though…

  • MattThomasCB
    Copper Contributor

    I am having similar issues with the guest permissions in Defender 365. The system administrator role appears to provide no access for guest accounts. The only guests who can access Defender 365 are those with global administrator. The RBAC setup also does not appear to be working.

    Have you solved your issue?
    • TaurusTec
      Brass Contributor

      Hi Matt,

      No, I have not solved this issue, nor have I received proper support from msft. I had opened a case via the Partner Center but received only an answer in the form of links to msft docs, not very helpful.

      Anyone else has any clue here?