SOLVED

RBAC permissions

Brass Contributor

Hello,

Hopefully i'll get a response to this question!  Are the 3 Azure ATP role groups only designed to work in the ATP portal?  I'm a member of the Azure ATP Administrators group and can see incidents and alerts in the ATP Portal but not on the Defender 365 Portal.  Is their a similar RBAC model for Defender 365 or just the Azure Roles??

 

TIA

Rob

8 Replies
the ATP portal (*.atp.azure.com) and security.microsoft.com are aligned with the same RBAC permissions for data coming from AATP (MDI) .
Thanks,
However its not working in security.microsoft.com. My test user is a member of the ATP Admins group only in Azure and it works fine in the ATP Portal but not the 365 Portal
I would double check that indeed you are logged in with the exact same credentials to both portals,
and if you do, open a support case.
best response confirmed by rob_wood_8894 (Brass Contributor)
Solution
Correction: The permissions will be aligned when we move to the new RBAC model which is coming soon.
See https://docs.microsoft.com/en-us/defender-for-identity/role-groups#required-permissions-for-the-micr... for handling the current permission model.
Sorry for misleading earlier.

@EliOfek No worries, i thought as much and the support guys have more or less confirmed that for the 365 Defender portal you need Azure admin roles currently as it is combining features with MDCA and MDE

@EliOfek Hi are there any timelines for when the RBAC model you mentioned is coming to the 365 Security portal?

This is currently being previewed with select customer, the expectation is that it will be in public preview in the coming months
1 best response

Accepted Solutions
best response confirmed by rob_wood_8894 (Brass Contributor)
Solution
Correction: The permissions will be aligned when we move to the new RBAC model which is coming soon.
See https://docs.microsoft.com/en-us/defender-for-identity/role-groups#required-permissions-for-the-micr... for handling the current permission model.
Sorry for misleading earlier.

View solution in original post