Forum Discussion
cjonesdnb (Copper Contributor)
Jan 31, 2020
Unable to Access policies in Security and Compliance
I'll try to summarize our issue as best I can but will admit it may require more info than I am providing. Hopefully, based on the issue, there's enough to provide suggestions on where we should focus our efforts to troubleshoot further.
I'm currently troubleshooting an issue while assigned the Security Administrator role through Azure Privileged Identity Management. When accessing the Security and Compliance portal it appears we can perform all necessary functions except modify / view any of the policies. The policy tab is visible under Threat Management but viewing any policy produces an error message and each error is pretty similar.
For example, Anti-malware policy error:
The requested search root 'NAMPR12A003.PROD.OUTLOOK.COM/ConfigurationUnits/xyz365.onmicrosoft.com/Configuration/Transport Settings/Rules/MalwareFilterVersioned' is not within the scope of this operation. Cannot perform searches outside the scope 'namprd12.prod.outlook.com/Configuration/Services/Microsoft Exchange/ExchangeLabs'.
We have a hybrid enterprise deployment and we utilize on prem accounts that authenticate through SSO. Our Exchange and Cloud Services team are limited in identifying root cause. The role assignment through Azure "should" have necessary permissions as stated:
https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles
This still reads like a permissions issue and we were going to try requesting to be added to Hygiene Management in Exchange as we thought maybe we're missing necessary privileges in Exchange related to anti-malware / anti-spam. Any suggestions or recommendations are welcome to steer us in the right direction and are appreciated. Thanks in advance!
- Thijs Lecomte (Bronze Contributor): I have seen this issue while I had my permission assigned through Privileged Identity Management, is that the case?
- cjonesdnb (Copper Contributor): Yes indeed, Thijs Lecomte
- Thijs Lecomte (Bronze Contributor): I have seen that you need to wait up to 45 minutes before PIM rights are propagated to Sec&Compl.
  Try waiting a while and logging out and back in.