SOLVED

Unable to create Azure ATP instance


Your instance was not created because a security group with the same name already exists in Azure Active Directory.

1 Reply
Best Response confirmed by Mohsinrashid1 (New Contributor)
Solution

Hi @Mohsinrashid1

 

It looks like your tenant had an AATP instance in the past and it was deleted. However, when the instance was deleted, the AAD groups used by AATP for RBAC were not deleted.

 

If you go to AAD you should see three groups. 

Azure ATP (instance name) Administrators

Azure ATP (instance name) Viewers

Azure ATP (instance name) Users

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-role-groups#types-of-azure-atp...

 

You can see who is currently a member of these groups and then delete these groups. 

You should be able to create your AATP instance now. 

 

HTH 

Gershon
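
The steps in the answer above (review the members of the three leftover groups, then delete the groups) as a PowerShell script. This is an added example, not part of the original reply. It assumes the Microsoft.Graph PowerShell module is installed; the `$InstanceName` and `$ExportPath` parameters are hypothetical names chosen for this example.

```powershell
# Added example: record who holds the leftover Azure ATP RBAC roles,
# then delete the three groups so the instance can be recreated.
param(
    # Placeholder: name of the deleted Azure ATP instance, as shown in the group names.
    [Parameter(Mandatory)] [string] $InstanceName,
    # Assumed location for the membership record kept before deletion.
    [string] $ExportPath = ".\aatp-group-members.csv"
)

# User.Read.All is requested so member details are returned in full.
Connect-MgGraph -Scopes "Group.ReadWrite.All", "User.Read.All" | Out-Null

# The three group names follow the pattern given in the answer.
$names = "Administrators", "Viewers", "Users" |
    ForEach-Object { "Azure ATP $InstanceName $_" }

# Exact-match lookup; single quotes are doubled for the OData filter.
$groups = foreach ($name in $names) {
    $escaped = $name.Replace("'", "''")
    Get-MgGroup -Filter "displayName eq '$escaped'" -All
}
if (-not $groups) {
    Write-Warning "No Azure ATP groups found for instance '$InstanceName'."
    return
}

# Capture current membership so role assignments can be restored
# on the new instance's groups.
$members = foreach ($g in $groups) {
    Get-MgGroupMember -GroupId $g.Id -All | ForEach-Object {
        [pscustomobject]@{
            Group       = $g.DisplayName
            GroupId     = $g.Id
            MemberId    = $_.Id
            DisplayName = $_.AdditionalProperties['displayName']
            UPN         = $_.AdditionalProperties['userPrincipalName']
        }
    }
}
if ($members) {
    $members | Export-Csv -Path $ExportPath -NoTypeInformation
    $members | Format-Table Group, DisplayName, UPN
}

# Delete each group, prompting per group before removal.
foreach ($g in $groups) {
    Remove-MgGroup -GroupId $g.Id -Confirm
}
```

The exported CSV is the only record of who held each role once the groups are gone, so keep it until the new instance's groups are populated.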