Forum Discussion
Suggestion: Centralize Microsoft Defender XDR Role Management into Microsoft Entra ID
Hi, your timing is spot on—Microsoft just rolled out the foundation for exactly what you’re aiming at. Defender XDR now has "Unified RBAC (URBAC)": a single permission system across Defender for Endpoint, Identity, Email, Vulnerability Management, Cloud Apps, and more. Since Feb 2025, all new tenants use it by default. You define roles once (like SOC L1, L2, vuln analyst…), assign them to Entra groups, and manage everything from *Defender portal > Settings > Permissions & roles*. It solves the fragmentation across products, and even lets you delegate URBAC role admin via a custom Entra role using the new “authorization” permission; no more Global Admin required.
The catch: these roles still live inside Defender, not Entra ID. So while you manage group assignment in Entra, the role definitions themselves aren’t visible in the Entra UI. Microsoft says deeper integration might come later (“phase 2”), but they haven’t committed to a date.
Bottom line: activate URBAC now, migrate or recreate your roles, map them to Entra groups, and you’ve already got 90% of what you’re asking for. The final piece, making URBAC roles native Entra roles, isn’t here yet, but the groundwork is clearly in place. Keep the pressure on via feedback and Microsoft reps if you want to help push that last mile.