Microsoft Tech Community

Error create instance Defender for identity


Hello guys, I need help.

I am creating an instance of Defender for Identity but receive the message: the instance was not created because there is already a security group with the same name in Azure Active Directory.

Any tips on how to solve this?

Thanks

Delete the existing 3 security groups from AAD and try again.
I know this is old but just in case anyone has the same problem:

There are 3 default security groups called
Azure ATP {instance name} Administrator
Azure ATP {instance name} Users
Azure ATP {instance name} Viewers

https://learn.microsoft.com/en-us/defender-for-identity/role-groups

These may be empty but need to be deleted for Defender for Identity to proceed.
That is still relevant, David (thanks).
I'm curious where the groups came from and why some tenants have this issue and others don't.

@NetworkCompany Not sure where they came from, I was assuming it was an Azure service template or something, I know I didn't previously create them manually. We are synchronising our accounts from on-prem AD and those accounts were Azure Native.

@David Fox

Microsoft's error messages should include the details like the name(s) of the groups that need to be deleted so people have clear (not nebulous) direction. Thanks for the clarification.

Thank you, that helped me out.
Several users have reported deleting the below three groups to resolve the error message. I had the same issue with my tenant; I fixed the problem by renaming the three groups instead of deleting and recreating them.

Azure ATP {instance name} Administrator
Azure ATP {instance name} Users
Azure ATP {instance name} Viewers
Worked at my end.
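The two fixes described above (deleting the three leftover "Azure ATP {instance name} ..." groups, or renaming them so the names no longer collide) can be scripted against Microsoft Entra ID with the Microsoft Graph PowerShell SDK. The script below is an added example, not code from this thread or from Microsoft; it assumes the Microsoft.Graph module is installed and that the signed-in account can manage groups (Group.ReadWrite.All). The $InstanceName and -Action parameters are illustrative names chosen here.

```powershell
# Added example (not from the thread): find the leftover "Azure ATP <instance> Administrator/Users/Viewers"
# security groups in Microsoft Entra ID and list, rename, or delete them so a new Defender for Identity
# workspace can be created. Assumes the Microsoft.Graph module and Group.ReadWrite.All permission.
param(
    [Parameter(Mandatory)] [string] $InstanceName,                      # the "{instance name}" part of the group name
    [ValidateSet('List', 'Rename', 'Delete')] [string] $Action = 'List'  # List is the safe default: nothing is changed
)

Import-Module Microsoft.Graph.Groups
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$roles  = 'Administrator', 'Users', 'Viewers'
$suffix = (Get-Date).ToString('yyyyMMdd-HHmm')   # appended on Rename so the old name no longer collides

foreach ($role in $roles) {
    $name = "Azure ATP $InstanceName $role"
    # Exact displayName match; single quotes are doubled for the OData filter string.
    $escaped = $name.Replace("'", "''")
    $groups  = Get-MgGroup -Filter "displayName eq '$escaped'" -All

    if (-not $groups) {
        Write-Host "not found: $name"
        continue
    }

    foreach ($g in $groups) {
        # Show membership and age before touching anything: an empty, old group is the
        # leftover this thread describes; a populated one deserves a look first.
        $members = @(Get-MgGroupMember -GroupId $g.Id -All)
        Write-Host ("found: {0}  id={1}  members={2}  created={3}" -f $g.DisplayName, $g.Id, $members.Count, $g.CreatedDateTime)

        switch ($Action) {
            'Rename' {
                $newName = "$name (old $suffix)"
                Update-MgGroup -GroupId $g.Id -DisplayName $newName
                Write-Host "renamed -> $newName"
            }
            'Delete' {
                if ($members.Count -gt 0) {
                    Write-Warning "skipping $name because it still has members; review them before deleting"
                } else {
                    Remove-MgGroup -GroupId $g.Id
                    Write-Host "deleted: $name"
                }
            }
        }
    }
}

# Usage (assumed file name):
#   .\Fix-MdiGroups.ps1 -InstanceName contoso                  # list only
#   .\Fix-MdiGroups.ps1 -InstanceName contoso -Action Rename   # keep the groups, free up the names
#   .\Fix-MdiGroups.ps1 -InstanceName contoso -Action Delete   # remove empty leftovers
```

Run it with the default List action first and confirm the three groups are the stale ones before choosing Rename or Delete. Rename preserves the groups and their membership, which is the approach reported in this thread as an alternative to deletion; Delete is refused for a group that still has members so a group someone repurposed is not removed by accident. Note that the group prefix is still the old product name "Azure ATP", so searching for "Defender for Identity" in the portal will not find them.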

@jnitterauer EVERYTHING Microsoft takes 10 times the effort it should. Not listing the names of the conflicting groups, forcing a delay-of-game while admins are forced to find this information, is very much on brand for them.

Thank you VERY much for posting this!
This can happen when your tenant was onboarded to MDI in the past, and the workspace was deleted (due to license expiration and retention expiration, or deleted manually through a support ticket).
The error message displayed in the portal contains a link to the instructions on what to do to fix the issue: https://go.microsoft.com/fwlink/?linkid=2246313