rob_wood_8894
Brass Contributor
Aug 09, 2022

Device Groups not working as expected

Hello,

Added tags to some of our onboarded devices and created a device group to collect them together, all good. Created a role in endpoints\Roles and assigned it to the device group and an AAD group. Added a user to the AAD group and got them to log in, expecting them to only see the devices in the Device Group, but alas no, they can see all of the devices in the inventory still, not as expected!! Am I doing something wrong, or are my expectations that the documentation isn't actually telling the true story coming to fruition??

TIA

Rob

    • rob_wood_8894
      Brass Contributor
      They aren't in any group or role apart from an AAD security group that is assigned to the device group. If I remove them from the AAD group, they cannot see any devices in the inventory.
      • yongrheemsft
        Microsoft
        rob_wood_8894, when you go to Permissions -> Endpoints -> Roles, do you see:

        "Start using roles?
        Role-based access control provides granular options for regulating permissions to portal features and data.

        Users with read-only permissions will lose access to the portal until they are assigned one of the new roles through their Azure AD groups.

        Users with admin permissions are automatically assigned the Microsoft Defender for Endpoint administrator role with full permissions.

        Turn on roles"

        or something else?

        Thanks,
        Yong Rhee - MSFT
