Aug 23 2022 05:44 AM
Hi, in the Microsoft docs for DFI https://docs.microsoft.com/en-us/defender-for-identity/role-groups#required-permissions-for-the-micr... it calls out the following for permissions with DFI.
For Defender for Identity settings in Microsoft 365 Defender, ensure that you have the sufficient Azure Active Directory roles or you're a member of the Azure ATP (instance name) Administrators or the Azure ATP (instance name) Users Azure AD groups.
I am trying to determine what roles are required for the installation and operation of the DFI service with M365 Defender.
Do we need to have the Security Reader role in M365D and the user added to the Azure ATP Viewer group to access functionality, or are we able to do this with Azure AD roles like Security Reader? Just looking for clarity, as the above paragraph called out "Azure directory role or you're a member of Azure ATP...", but I cannot find a definition of the required AD roles supported.
I did see another post around unifying this with RBAC, but not sure if that is there currently.
Thanks
Aug 28 2022 04:51 AM
Thank you for your feedback.
We've updated the documentation to better describe the permissions needed:
Aug 28 2022 07:20 AM
Security Administrator is not sufficient for creating the MDI Workspace.
Since there are three groups created in the background when creating the MDI Workspace, you must be either Global Administrator or Security Administrator AND Group Administrator.
I had opened a ticket at MS because of this issue.
Or has anything changed here?
Aug 29 2022 07:09 AM
Security Administrator should be enough. The groups are created by the first-party 'Azure Advanced Threat Protection' application that gets registered in your tenant.
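A way to check what the reply above describes in your own tenant, written as an added example (not code from this thread or from Microsoft): it lists the 'Azure Advanced Threat Protection' service principal, the Azure ATP groups it created and their members, and the directory roles held by the signed-in account, so you can compare against what the docs require. It assumes the Microsoft.Graph PowerShell module is installed and that the signed-in account can read groups, applications and role assignments; the group name prefix 'Azure ATP' and the app display name are taken from the thread, nothing else is assumed about their identifiers.

```powershell
# Added example, not part of the original thread. Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes "Group.Read.All", "Application.Read.All", "RoleManagement.Read.Directory", "User.Read"

# 1. The first-party application that creates the groups, looked up by the display name given in the thread.
$atpApp = Get-MgServicePrincipal -Filter "displayName eq 'Azure Advanced Threat Protection'"
if (-not $atpApp) {
    Write-Warning "Service principal 'Azure Advanced Threat Protection' not found; the MDI workspace has probably not been created yet."
} else {
    "Service principal: {0}  appId={1}  objectId={2}" -f $atpApp.DisplayName, $atpApp.AppId, $atpApp.Id
}

# 2. The Azure ATP (instance name) Administrators / Users / Viewers groups and who is in them.
$atpGroups = Get-MgGroup -Filter "startswith(displayName,'Azure ATP')" -All
if (-not $atpGroups) { Write-Warning "No groups with display name starting 'Azure ATP' found." }
foreach ($g in $atpGroups) {
    $members = @(Get-MgGroupMember -GroupId $g.Id -All)
    "{0} ({1} members)" -f $g.DisplayName, $members.Count
    foreach ($m in $members) {
        # Members come back as generic directory objects; the UPN lives in AdditionalProperties.
        "    " + $m.AdditionalProperties['userPrincipalName']
    }
}

# 3. Activated directory roles held by the signed-in account, to compare with the documented requirements
#    (for example Security Administrator vs. Global Administrator).
$ctx   = Get-MgContext
$user  = Get-MgUser -UserId $ctx.Account
$roles = Get-MgUserMemberOf -UserId $user.Id -All |
    Where-Object { $_.AdditionalProperties['@odata.type'] -eq '#microsoft.graph.directoryRole' } |
    ForEach-Object { $_.AdditionalProperties['displayName'] }
"Directory roles for {0}: {1}" -f $user.UserPrincipalName, (($roles | Sort-Object) -join ', ')
```

Run it before and after creating the workspace: if the service principal and the three groups only appear afterwards, that matches the explanation that the application, not the signed-in admin, creates them.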
Aug 30 2022 02:13 AM