SOLVED

Create and Manage Device Groups area is missing from my tenant

Iron Contributor

I tried following along with the documentation https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/machine-groups?view=o365-... but I do not have a Permissions section (let alone Device Groups) under the Endpoint settings. Here is what the setting is supposed to look like:

263946140-adb4ae5a-0900-461c-bd84-2d93a16bd642.png

 

And this is what my tenant looks like.

 

Device Permissions not existing.png

 

I initially thought there was a problem with the documentation, but after I submitted feedback they said there might be something wrong with the tenant. I just wanted to check with other users to see if they are seeing things properly or if others see the same as what I do. The doc reply said I should open a support ticket; however, this always redirects us to our reseller who, for lack of better words, are totally incompetent, and I'm unable to open tickets with MS directly. Would rather not waste my time.

 

Regarding licenses, we have Business Premium. 

 

Am I just looking in the wrong spot or is something going on with our tenant?

16 Replies

Looks like your user does not have access to the permissions blade, because the roles and device groups sections are not showing up in the portal. What are your current permissions?

This is with a Global Admin account.
Can you check the license blade? Do you have Plan 1 or Plan 2 in place for the users?
Microsoft Defender for Business
It's whatever is included with M365 Business Premium.
OK, then your plan includes the usage of the device group. A couple of things to try: first, clear your browser cache and log in again to the Defender portal. Make sure that your user is licensed for Business Premium.
If you look at the chart at https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/compare-mdb-m365-plans?vi... you can see that DfB contains everything P1 has and even some P2 components.
So I'm not sure why I can't see this permission section.
My GA account isn't licensed and afaik, MS has stated that GA accounts don't need licenses.
I logged in with my user account which IS licensed and I still don't see the section. The other sections are visible but greyed out (cannot change) which is expected.

@Marc_Laf From the Defender portal, inside the permissions blade, are you able to see those 2 roles under endpoint roles and groups?

 

eliekarkafy_0-1693321125956.png

 

@Marc_Laf OK, check if the below setting is ON. If not, turn it on please and refresh your page.

 

eliekarkafy_0-1693321458268.png

 

@eliekarkafy 

Also don't have that. I'm guessing that the Defender for Business plan, although it contains all P1 stuff, is crippled in some way. This was part of the feedback I provided on the documentation. I mentioned that maybe this was due to the license we have but no comment was made on that.

 

 

Endpoint Management.png

best response confirmed by Marc_Laf (Iron Contributor)
Solution
I think your license is not covering what you are looking for. I suggest you open a ticket with the MS security team to check your tenant and your license requirements.
Thanks for trying. I think so too but I can't just open a ticket with MS Security team due to our reseller being the contact point and they're not exactly helpful. But I will keep digging, thanks!
I received a reply from MS Support. The Device Groups functionality is not directly available in Defender for Business despite it including features from P1 and P2. The DfB groups are managed elsewhere. https://learn.microsoft.com/en-us/microsoft-365/security/defender-business/mdb-create-edit-device-gr...
Hi, did you ever make progress on this one? I have the same issue, however under Configuration Management > Device Configuration, it says 'You are currently using Intune to manage your security policies', therefore I have to make the groups in Intune... Even though I've done this using a Dynamic Group, I am still unable to see any groups in the dropdown under App Tags > Scoped Profiles when trying to create a new profile.
Hey there, sorry no progress was made. I gave up on digging into it as it was taking up more time than I could afford to give.
What I can say is, Defender for Business is definitely a very confusing platform in regard to features provided and their documentation doesn't help very well.