AAD Security Reader Role in Microsoft Defender for Cloud Apps – Alignment with Microsoft 365 Defender
Currently the AAD “Security Reader” role can manage Microsoft Defender for Cloud Apps alerts, however, it can only view alerts from all other security workloads. The AAD “Security Reader” role update will now be aligned with AAD role definition to provide clarity and prevent confusion of the same role use.
When this will happen:
As of August 28, 2022, this update will take effect.
How this will affect your organization:
Any users who were assigned an AAD “Security Reader” role will not be able to manage the Microsoft Defender for Cloud Apps alerts after August 28, 2022.
What you need to do to prepare:
To continue to manage alerts, the users’ role should be updated to an AAD “Security Operator”. You may want to notify your users about this change and update your training and documentation as appropriate.