Forum Discussion

StuartH .
Brass Contributor
Jul 24, 2023

MDI Roles/Permissions - where art thou now?

It used to be simple. In ATP (now MDI), there used to be 3 groups used for administration/viewing (Azure ATP [workspace] Admin, Azure ATP [workspace] Users and Azure ATP [workspace] Viewers).

Having gone round and round in Role groups - Microsoft Defender for Identity | Microsoft Learn - I am now lost on whether this is still the case, as I have recently heard a few of my MDI "admins" (with the ATP User group) can no longer manage alerts. They used to be able to, and now it is greyed out, and if you hover over the button it says "You don't have permissions to perform this action". Has RBAC gone up the wazzoo since the forced transition to the new portal? There is no menu/config for Identity permissions... so I don't even know where those groups are shown any more. Anyone know?

  • StuartH . you can now create a custom role from the MD365 permissions blade for the admin who needs to manage the security alerts for MDI.


    •
      StuartH .
      Brass Contributor

      Hey eliekarkafy 

      Thanks for the quick response. So, are you saying the previous ATP roles (Admin, User & Viewer) are no longer used? If they are supposed to be, they seem not to be working!

      Can you detail your exact steps to get to Permissions & Roles | Microsoft Defender, as that is not what I see in our security.ms.com (Defender) portal. I see:

      •
        eliekarkafy
        MVP

        StuartH . from the new permissions blade in Defender, under M365 Defender, click on Roles


        then click on custom role to create your MDI custom role.

    •
      StuartH .
      Brass Contributor

      OK, so after some tenuous conversations with support and PG:

      None of the "stuff" is available UNLESS you have the Defender Preview enabled.

      Once you enable that, you can import legacy roles (the Azure ATP groups), and then, after lighting up the Identity workload... you are back to how things were before the move to the Defender Portal.

      Not throwing anyone under the bus here, but why was it deemed a good call to put this behind a preview button, and not tell people about it? We have been using Azure ATP/MDI for 6+ years, and the move to the new portal actually seems to have broken all of the delegation which has worked well for all that time. Worst... it is not doc'ed.

      • Or Tsemah
        Microsoft
        Hi StuartH, happy to continue this discussion, can you please ping me at ort@microsoft.com so we can think of the proper way to make sure permissions are not broken during the portal transition?
