Forum Discussion
Solved
role needed to view devices inventory in Defender
Hello, I'm a global admin for my organization and was recently asked to provide read only access to a manager in Defender. He is mainly interested in viewing the devices inventory in the security...
- Are you using the MDE RBAC in your environment?
If so, read-only roles are no longer valid for MDE, so you will need to give him a role in MDE as well.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide
Also check if device groups have security groups assigned for user access.
If a device group has a security groups assigned, only users that are part of these security groups will be able to see those devices.
I've seen it already in some tenants. What license have you got and have you ever migrated or downgraded/upgraded your MDE Plan - for example from MDE Plan 2 to Defender for Business.
Kris_Deb_e2e Thanks for the reply. I am not sure what MDE plan we have, looking at our licensing it only shows MDE for endpoint server and we have an MS365 E5 license which includes MS365 Defender. I am more of a O365 admin dealing mainly with Intune, Exchange and AAD.