Findings
Generator
Configuration
Lucidum Reverse
Architecture
Statistics
← All Findings
Vendor:
Microsoft Defender for Endpoint
FIN-260
Weight:
5
4
3
2
1
Confidence:
High
Medium
Low
Edited:
2026-03-06 09:03
Verified
What It Detects
Device has no RBAC (Role-Based Access Control) group assignment in Microsoft Defender for Endpoint. Devices without group assignment fall outside scoped access controls, meaning security operators may not have proper visibility or response permissions. This creates governance gaps where incidents on ungrouped devices may go unnoticed or unmanageable by the appropriate team.
MITRE ATT&CK Techniques
Comma-separated, e.g. T1078, T1190
Checks
read-only
Field
Operator
Value
rbacGroupId
equals
0
Remediation
×
×
×
+ Add item
Why It Matters
×
×
×
+ Add item
Save Changes
Export Lucidum