Forum Discussion
B2B user with Security Admin cannot access Defender for Office 365 threat policies
FYI, for anyone else having this problem.
This problem is solved by switching the user type on the B2B user account from "Guest" to "Member":
https://learn.microsoft.com/en-us/azure/active-directory/external-identities/user-properties#user-type
Once this is done (and you wait a while, 30 minutes maybe), the Threat Policies and all settings are visible as a privileged B2B user (Security Admin, Security Reader, etc.).
- TaurusTec, Jun 05, 2023, Brass Contributor
Philost, yes, we figured that workaround out as well, but for us it's a no-go. Being a member type user gives you access to all the customers' internal resources, i.e. SharePoint. This is a privacy issue and makes this workaround off limits for us as an MSSP. We looked into locking down access via conditional access policies, but it's unmanageable.
We have a ticket running with Microsoft support on this issue; if a real solution comes from it, I'll update here.
- Philost, Jun 05, 2023, Brass Contributor
Yeah, it works in our use case as we are multiple tenancies but the same organisation.
As you will already be aware, the root cause is the way Exchange Online Protection still relies on Exchange PowerShell and legacy Exchange Online permissions structure in general. An area/product group with whom it seems progress is challenging. I dare say lots of complexity. Doesn’t help the pure MSSP use case though…
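
The userType change discussed in this thread, as an added example that is not part of any post above: a PowerShell script that lists external (B2B) accounts holding the security roles and, only when asked, switches Guest accounts to Member. It assumes the Microsoft.Graph PowerShell module, the role display names shown, and that B2B accounts are recognisable by `#EXT#` in their UPN; the `-Apply` switch is a name chosen for this example.

```powershell
# Added example: audit external accounts in security roles, optionally set userType to Member.
# Assumptions: Microsoft.Graph module installed; role names below; #EXT# marks B2B accounts.
# Only active role assignments are listed; PIM-eligible assignments are not covered.
param(
    [string[]]$RoleNames = @('Security Administrator', 'Security Reader'),
    [switch]$Apply   # without -Apply the script only reports
)

Connect-MgGraph -Scopes 'User.ReadWrite.All', 'RoleManagement.Read.Directory'

$report = foreach ($name in $RoleNames) {
    # Get-MgDirectoryRole returns only roles that have been activated in the tenant.
    $role = Get-MgDirectoryRole -Filter "displayName eq '$name'"
    if (-not $role) { Write-Warning "Role '$name' is not activated in this tenant"; continue }

    foreach ($m in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        # Role members can also be groups or service principals; keep users only.
        if ($m.AdditionalProperties['@odata.type'] -ne '#microsoft.graph.user') { continue }

        $u = Get-MgUser -UserId $m.Id -Property Id, UserPrincipalName, UserType
        # Invited B2B accounts keep #EXT# in the UPN whatever their userType is.
        if ($u.UserPrincipalName -notlike '*#EXT#*') { continue }

        [pscustomobject]@{ Role = $name; UPN = $u.UserPrincipalName; UserType = $u.UserType; Id = $u.Id }
    }
}

# Review this table before changing anything.
$report | Sort-Object UPN, Role | Format-Table Role, UPN, UserType

if ($Apply) {
    # One update per account, even if it holds several of the roles.
    $report | Where-Object UserType -eq 'Guest' | Sort-Object Id -Unique | ForEach-Object {
        Update-MgUser -UserId $_.Id -UserType 'Member'
        Write-Host "Set userType=Member for $($_.UPN)"
    }
}
```

Rows already showing `Member` are the external accounts that have member-level access in the tenant, which is the exposure raised in the thread for the MSSP case.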