Currently the AAD “Security Reader” role can manage Microsoft Defender for Cloud Apps alerts, however, it can only view alerts from all other security workloads. The AAD “Security Reader” role update will now be aligned with AAD role definition to provide clarity and prevent confusion of the same role use.
When this will happen
As of August 28, 2022, this update will take effect.
How this will affect your organization
Any users who were assigned an AAD “Security Reader” role will not be able to manage the Microsoft Defender for Cloud Apps alerts after August 28, 2022.
What you need to do to prepare
To continue to manage alerts, the users’ role should be updated to an AAD “Security Operator”. You may want to notify your users about this change and update your training and documentation as appropriate. To learn more about admin permissions, please visit this page.
Message ID: MC406649
Published: 28 July 2022
Updated: 28 July 2022
Action required by: 28 August 2022
Platform: World tenant, Online
