Forum Discussion
Defender XDR Unified RBAC - Cannot manage incidents
Thank you Steve for this update.
Defender for Cloud Apps not yet supported by Unified RBAC. As you can see when creating a new role, the list of available data sources in the assignment stage does not include Defender for Cloud Apps as an option. You can continue granting access to Defender for Cloud Apps data and experiences using the individual workload RBAC (in parallel to using Unified RBAC with the rest of the workloads).
MicrosoftMay I ask have you activated Unified RBAC with any of the workloads? If so which ones?
Can you also share what data sources have you included in the role assignment?
As for the Email & compliance functions you've mentioned that are working properly - note that if you haven't activated Unified RBAC for Email & compliance (both toggles) - access to these functions is managed via roles defined in Admin Center.
- Hello Gadi,
I have activated the following workloads:
- Endpoints & Vulnerability Management
- Email & Collaboration (both Defender for Office 365 & Exchange Online permissions)
- Secure Store
Identity is greyed out. We do not have on-premise AD.
I enabled all data sources in the assignment (MDE, MDO, MDI, MDC, and Secure Store.)
Thank you,
- Steve- Hello Gadi,
I just realized that I CAN manage incidents where the detection source is MDO. I CANNOT manage incidents where the detection source is Microsoft Defender for Cloud Apps. Is this not possible currently with the Unified RBAC?- Gadi_Palatchi_MSFT
Thank you Steve for this update.
Defender for Cloud Apps not yet supported by Unified RBAC. As you can see when creating a new role, the list of available data sources in the assignment stage does not include Defender for Cloud Apps as an option. You can continue granting access to Defender for Cloud Apps data and experiences using the individual workload RBAC (in parallel to using Unified RBAC with the rest of the workloads).
