StuartH .
Jul 24, 2023 | Brass Contributor
MDI Roles/Permissions - where art thou now ?
It used to be simple. In ATP (now MDI), there used to be 3 groups used for administration/viewing (Azure ATP [workspace] Admin, Azure ATP [workspace] Users and Azure ATP [workspace] Viewers). Having...
eliekarkafy
Jul 24, 2023 | MVP
StuartH . you can now create a custom role from MD365 permission blade for the admin they need to manage the security alerts for MDI.
- StuartH . | Aug 02, 2023 | Brass Contributor
OK, so after some tenuous conversations with support and PG:
None of the "stuff" is available UNLESS you have the Defender Preview enabled.
Once you enable that, you can import legacy roles (the Azure ATP groups), and then after lighting up the Identity workload... you are back to how things were before the move to the Defender Portal.
Not throwing anyone under the bus here, but why was it deemed a good call to put this behind a preview button, and not tell people about it? We have been using Azure ATP/MDI for 6+ years, and the move to the new portal actually seems to have broken all of the delegation which has worked well for all that time. Worse... it is not doc'ed.
- Or Tsemah | Aug 27, 2023 | Microsoft
Hi StuartH, happy to continue this discussion, can you please ping me at ort@microsoft.com so we can think of the proper way to make sure permissions are not broken during the portal transition?
- tgo21 | Oct 18, 2023 | Copper Contributor
Or Tsemah Thank you for this post, as I'm experiencing a similar issue. I've followed the steps you listed to set up access to the MDI Health Reports, but I seem to be a step or two away from completion. The sys admin that I'm testing with is able to see "Identities" under Settings. He can see "Health issues", "Advanced Settings", "About", and "Report Management", but he cannot see any data under 'Health Issues', nor can he see any servers under 'Sensors'. Can you help me identify what I'm missing? Please see attached screenshots.
Thanks!
Glenn
- StuartH . | Jul 24, 2023 | Brass Contributor
Hey eliekarkafy
Thanks for the quick response. So, are you saying the previous ATP roles (Admin, User & Viewer) are no longer used? If they are supposed to be, they seem not to be working!
Can you detail your exact steps to get to Permissions & Roles|Microsoft Defender, as that is not what I see in our security.ms.com (Defender) portal as I see:
- eliekarkafy | Jul 24, 2023 | MVP
StuartH . from the new permissions blade in Defender, under M365 Defender click on Roles
then click on custom role to create your MDI custom role
- StuartH . | Jul 24, 2023 | Brass Contributor
eliekarkafy mmm, that might be an issue, as I don't even see Microsoft 365 Defender as an item under Permissions. Is this valid for an Enterprise customer - RBAC not available for Defender for Business and hence why it is not showing? I have looked in two of our tenants, as a Global Admin, and it is not in either.
Asides... can you tell me whether those "old" permissions groups are no longer used? I just don't see that doc'ed anywhere, and I would have thought that there would have been something doc'ed if there was some expectation on customers to migrate from the old way to the new way. Now we are seemingly in a position whereby our admins can't seem to manage MDI alerts. As a global admin, of course, I can still manage the backend MDI settings/sensors etc.