SOLVED

RBAC permissions

Contributor

Hello,

Hopefully I'll get a response to this question! Are the 3 Azure ATP role groups only designed to work in the ATP portal? I'm a member of the Azure ATP Administrators group and can see incidents and alerts in the ATP Portal but not on the Defender 365 Portal. Is there a similar RBAC model for Defender 365 or just the Azure Roles?

 

TIA

Rob

6 Replies
The ATP portal (*.atp.azure.com) and security.microsoft.com are aligned with the same RBAC permissions for data coming from AATP (MDI).

Thanks,
However, it's not working in security.microsoft.com. My test user is a member of the ATP Admins group only in Azure and it works fine in the ATP Portal but not the 365 Portal.

I would double check that you are indeed logged in with the exact same credentials to both portals,
and if you are, open a support case.

best response confirmed by rob_wood_8894 (Contributor)
Solution
Correction: The permissions will be aligned when we move to the new RBAC model which is coming soon.
See https://docs.microsoft.com/en-us/defender-for-identity/role-groups#required-permissions-for-the-micr... for handling the current permission model.
Sorry for misleading earlier.

@Eli Ofek No worries, I thought as much, and the support guys have more or less confirmed that for the 365 Defender portal you need Azure admin roles currently, as it is combining features with MDCA and MDE.