We got it working by configuring a new role in XDR RBAC
https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles
then activating the unified RBAC
https://learn.microsoft.com/en-us/defender-xdr/activate-defender-rbac
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Up until last week we were able to check out the Security Administrator role in order to take action on a reported email in the defender action center. Now it is greyed out after we check out the role and we are unable to approve or reject actions. For example there is an action to soft delete the emails. Normally i'd go in and approve them with the Security administrator role, but now it is greyed out. We have cleared sessions and restarted browsers etc. We can confirm we have the role, just the permissions are not working the same.
We got it working by configuring a new role in XDR RBAC
https://learn.microsoft.com/en-us/defender-xdr/create-custom-rbac-roles
then activating the unified RBAC
https://learn.microsoft.com/en-us/defender-xdr/activate-defender-rbac