Feb 13 2024 03:05 PM
I've been configuring the new Defender XDR Unified RBAC roles, and two things that I cannot find permissions for are managing incidents and alerts. No matter what I configure, those buttons stay greyed out. This is despite configuring a role that has all Security Operations and Security Posture read and manage permissions.
Other functions are working, for instance being able to block users via the TABL, or Search & Purge permissions.
Can I please get some help?
Feb 14 2024 01:25 AM
Feb 14 2024 06:44 AM
Feb 14 2024 11:59 AM
Feb 14 2024 10:58 PM - edited Feb 18 2024 05:21 AM
SolutionThank you Steve for this update.
Defender for Cloud Apps not yet supported by Unified RBAC. As you can see when creating a new role, the list of available data sources in the assignment stage does not include Defender for Cloud Apps as an option. You can continue granting access to Defender for Cloud Apps data and experiences using the individual workload RBAC (in parallel to using Unified RBAC with the rest of the workloads).
Feb 15 2024 06:17 AM
Feb 18 2024 05:16 AM
Feb 14 2024 10:58 PM - edited Feb 18 2024 05:21 AM
SolutionThank you Steve for this update.
Defender for Cloud Apps not yet supported by Unified RBAC. As you can see when creating a new role, the list of available data sources in the assignment stage does not include Defender for Cloud Apps as an option. You can continue granting access to Defender for Cloud Apps data and experiences using the individual workload RBAC (in parallel to using Unified RBAC with the rest of the workloads).