Unable to View MDI Alert

Hi all:
 
We recently onboarded our on-prem domain controllers with Defender for Endpoint and installed the Defender for Identity application on each. We received an Identity alert a week ago via email alerts, but we've been unable to view the alert or its details. The error we're getting is "You can’t access this section. Sorry, you can’t access this section. Check with your administrator for the role-based access permissions to see the data."
 
I am the global administrator for our tenant and a member of the global administrator group in Azure. I also imported the Identity workload inside Permissions and Roles in Defender, and assigned it to an Azure group I'm a member of, but I'm still unable to access the alert. What am I missing?
2 Replies

@lloydz Hey - thanks for surfacing that. Just making sure - do you have machine groups set in the M365D portal?

If so, we filter these alerts based on the device group settings - you can edit this to include MDI users as well. However, this is not intended, so we are working on removing the MDE device group restriction to MDI alerts.

We have not created machine groups in the Defender Portal ourselves. There appears to be an "Ungrouped Devices" group that was automatically generated, and that's the only one listed. We're all on-prem and manage Defender through ConfigMgr/SCCM.