Pending Actions - Defender XDR

Yes I believe this has been like this a while and best thing to do is to Use the new RBAC Roles..

Defender RBAC
https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles

Activating RBAC
https://learn.microsoft.com/en-us/defender-xdr/activate-defender-rbac

Go to Permissions - Defender XDR Roles

and build out a new role  i.e

You can then either choose all read and Manage for say a full security Admin which is the easiest or if you want to be more granular then choose each option manually, in general if you were a security Admin role in azure before then you would have had more or less all read and manage anyway

As written above you'll need to activate RBAC

https://learn.microsoft.com/en-us/defender-xdr/activate-defender-rbac

If you're working in a large environment this will take change process etc and working with anyone with access to defender and making sure they are given rights to do their job etc

As to why it broke, not sure but think its because Microsoft are trying to move towards RBAC rather than the giant Azure Roles people had that gave you say Azure Rights, Identity, rights, etc all in one. Now they are moving more towards RBAC, so you are a Defender admin therefore you have granular rights in defender and it doesn't stray into other Azure areas.

In my environments I have now moved completely to new RBAC and tiered it all for each type of security worker group so we have like SOC analysts level 1's level 2 etc and full admins so the LV1 1 newbies can only do a limited number of things till management is confident they are ready for deeper dives and approvals etc