Jan 26 2024 07:00 AM - edited Jan 26 2024 07:03 AM
Hello community,
I'm looking into an issue that has appeared using the new Unified RBAC permissions in Defender XDR portal.
First of all, the user that is trying to perform the action is invited to a tenant as a guest user. The user is then assigned the Security Reader & Security Operator roles.
When accessing the Tenant Allow/Block List page in Defender XDR and trying to add a new entry, the user is met with the following error message:
Unfortunately, the message is very generic. The new entry has been tested with both an email address, as well as a TLD. In both cases, the result was the same.
The user has been assigned the following permissions, with Workloads enabled, on all Data Sources:
While the Detection tuning (manage) permission should be sufficient to complete this action, it appears that it's not. Should there be an additional permission assigned, or would this indicate a different issue?
Thank you for your time.
Feb 14 2024 07:44 AM
Hello @a-rapsomanikis,
We are experiencing some issues with invited guests and their access to some MDO experiences that were previously controlled by EXO roles (this includes TABL).
As a temporary workaround, you may need to disable Defender XDR RBAC for the Email & Collaboration / Exchange Online section.
You may also need to re-assign the Entra ID roles in the Microsoft 365 admin center:
Go to Role assignments - Microsoft 365 admin center > select the "Exchange" roles tab > search for the "Security Administrator" role group > in the Security Administrator role group flyout, select the "Permissions" tab > select "Security Admin" and click Save.
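As an added example (not part of the reply above, and not Microsoft's own guidance), the following PowerShell script uses the ExchangeOnlineManagement module to verify the state the workaround is meant to produce: that the "Security Administrator" role group carries the "Security Admin" management role, that the guest account is a member of it, and that the account can read the Tenant Allow/Block List. The guest UPN and the role group name are assumptions you would replace with your own values.

```powershell
# Added example: verify the Exchange Online role assignment that the workaround re-applies.
# Assumes the ExchangeOnlineManagement module is installed and you connect as an admin
# who can read role groups; the guest UPN below is a placeholder.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

$guestUpn      = 'guest_user_contoso.com#EXT#@fabrikam.onmicrosoft.com'  # placeholder guest account
$roleGroupName = 'Security Administrator'                                 # role group named in the workaround
$requiredRole  = 'Security Admin'                                         # management role the workaround selects

# 1. Does the role group contain the "Security Admin" management role?
$roleGroup = Get-RoleGroup -Identity $roleGroupName
$hasRole   = $roleGroup.Roles -contains $requiredRole
Write-Host ("Role group '{0}' includes '{1}': {2}" -f $roleGroupName, $requiredRole, $hasRole)

# 2. Is the guest account a member of that role group?
$members  = Get-RoleGroupMember -Identity $roleGroupName
$isMember = $members | Where-Object { $_.PrimarySmtpAddress -eq $guestUpn -or $_.Name -eq $guestUpn }
Write-Host ("Guest '{0}' is a member: {1}" -f $guestUpn, [bool]$isMember)

# 3. Sanity check that the Tenant Allow/Block List is readable in this session.
#    A failure here points at RBAC rather than at the entry being added.
try {
    $entries = Get-TenantAllowBlockListItems -ListType Sender
    Write-Host ("Tenant Allow/Block List readable; {0} sender entries present." -f @($entries).Count)
}
catch {
    Write-Warning ("Could not read the Tenant Allow/Block List: {0}" -f $_.Exception.Message)
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run the script before and after applying the workaround; if step 1 or 2 reports `False` after the change, the role assignment did not take effect and the generic error in the portal is expected to persist.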
Feb 15 2024 08:19 AM
@Marina_Kidron confirming this workaround is functional.
Thank you for your continuous support and for introducing this workaround.