Hi @HazyBazy ,
For full access you can assign the Global Administrator or Security Administrator roles, since the Security Reader role does not have access to view machines or device inventory. (This is also documented here.) To read the Defender for Endpoint vulnerabilities through a custom role, the account needs to have Vulnerability.Read permissions.
Permission type | Permission | Permission display name |
---|---|---|
Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' |
Application | Vulnerability.Read.All | 'Read Threat and Vulnerability Management vulnerability information' |
Delegated (work or school account) | Vulnerability.Read | 'Read Threat and Vulnerability Management vulnerability information' |
If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.