Forum Discussion

MikeLister
Copper Contributor
Nov 11, 2025

XDR RBAC missing Endpoint & Vulnerability Management

I've been looking at ways to provide a user with access to the Vulnerability Dashboard and associated reports without giving them access to anything else within Defender (Email, Cloud App, etc.). Looking at the article https://learn.microsoft.com/en-us/defender-xdr/activate-defender-rbac, it has a slider for Endpoint Management which I don't appear to have?

I have Business Premium licences which give me GA access to see the data, so I know I'm licenced for it and it works, but I can't figure out how to assign permissions.

When looking at creating a custom permission here https://learn.microsoft.com/en-us/defender-xdr/custom-permissions-details#security-posture--posture-management, it mentions Security Posture Management would give them Vulnerability Management Level Read, which is what I'm after, but that doesn't appear to be working. The test account I'm using to try this out just gets an error:

Error getting device data

I'm assuming it's because it doesn't have permissions to the device details?



1 Reply

  • What you’re running into is not a licensing issue — it’s how Defender RBAC layers permissions between workload visibility and device scope.

    Business Premium gives you Defender for Business, which includes vulnerability management capability. That’s why you (as Global Admin) can see the data. But Defender RBAC still controls whether another user can query device inventory and vulnerability data.

    Two common causes explain what you’re seeing.

    First, the missing “Endpoint” slider.
    That toggle only appears if Defender for Endpoint RBAC is active in your tenant and you have the required role to manage it. In Defender for Business tenants, the RBAC experience can look slightly different compared to full Defender for Endpoint Plan 2 tenants. If RBAC for Endpoint isn’t fully enabled, you won’t see the same configuration surface described in the documentation.

    Second, the “Error getting device data” message.
    That almost always means the account does not have device group access. Vulnerability Management is tied to device objects. If the user does not have permission to any device groups, the dashboard cannot resolve device-scoped data, so it throws that generic error.

    Granting “Security Posture Management” alone is not sufficient. That permission enables the feature area, but the user still needs:

    – Read access to devices
    – Assignment to at least one device group
    – A role that includes basic device inventory visibility

    In Defender RBAC, access is effectively a combination of:

    1. What actions you’re allowed to perform
    2. Which device groups you’re scoped to

    If either is missing, data will not load.

    What to check:

    – Ensure Defender RBAC is enabled for Endpoint in Settings > Endpoints > Roles
    – Confirm the custom role includes read permissions for devices (not just posture)
    – Assign the user to at least one device group
    – Make sure the device group actually contains onboarded devices

    In many cases, creating a custom role that includes:

    – View data for Endpoint
    – View vulnerability management data
    – Read device information

    And scoping it to “All devices” (or a specific populated device group) resolves the issue.

    The error is not about license entitlement. It’s about missing device-level read scope. Vulnerability data is device-backed, so without device visibility, the dashboard cannot render.

    If you align both the permission set and the device group scope, the Vulnerability Dashboard will load correctly without giving access to Email, Cloud Apps, or other Defender workloads.
