SOLVED

role needed to view devices inventory in Defender

Hello,

I'm a global admin for my organization and was recently asked to provide read-only access to a manager in Defender. He is mainly interested in viewing the devices inventory in the security portal. I assigned the role of security reader, but he reported he was not able to see it. I then assigned the role of global reader, yet he still reported not being able to see it. I am not sure why he is not able to see the devices option; I don't want to assign the security admin role unless really necessary. Any thoughts on what could be happening? Thanks!

I've seen it already in some tenants. What license have you got, and have you ever migrated or downgraded/upgraded your MDE plan, for example from MDE Plan 2 to Defender for Business?
best response confirmed by glujan72 (Copper Contributor)
Solution
Are you using the MDE RBAC in your environment?

If so, read-only roles are no longer valid for MDE, so you will need to give him a role in MDE as well.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/rbac?view=o365-worldwide

Also check if device groups have security groups assigned for user access.
If a device group has security groups assigned, only users that are part of these security groups will be able to see those devices.

@Kris_Deb_e2e Thanks for the reply. I am not sure what MDE plan we have; looking at our licensing, it only shows MDE for endpoint server, and we have an MS365 E5 license which includes MS365 Defender. I am more of an O365 admin, dealing mainly with Intune, Exchange and AAD.

@Jonhed Thanks for the reply. I verified and we do not have RBAC activated so that must be the reason security reader no longer grants that ability. I will have to discuss it with our security team if we want to enable it. 

@glujan72 

Actually, if you do not have the RBAC enabled, my understanding is that reader roles should work.

Though, after having an additional look at the docs below, security reader might be the only role that works. 

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/basic-permissions?view=o3...

You mentioned giving global reader, so maybe try to assign security reader as well?

If this does not work, I would raise an SR with microsoft to check if RBAC (or the lack of) can be the reason.
