Why can't security administrator see resources in a subscription?


I have the Security administrator role on a subscription. Now, what I want to see is the resources available in the subscription to know the attack surface, but when I go to the resources tab, I see nothing. Or if I check the VMs tab, I cannot see any VM (even though they're available). Similarly, on the Defender plans page, it shows all the resources as 0, whereas that's not the case.

Defender Plans Page

Why, being a security admin, can't I see this data? Doesn't it come under my scope? If not, then what additional role do I need to see this data? Obviously, I can't ask for Contributor, considering the least privilege principle.

I tried accessing resource details but couldn't. I was expecting to have access to this data as a security admin.

Best answer

Note that the Security Administrator role is able to read security information and reports and manage configuration in Microsoft Entra ID and Office 365, but not to view Azure resources. Check this MsDoc.

  • The Security Administrator role does not provide access to view all resources in the subscription.

Hence, assign the Reader role to the user at subscription scope or resource group scope, based on your requirement.

Now I am able to view the resources.

If you want to manage resources, then you have to assign the Contributor/Owner role to the user.

Reference:

Azure built-in roles - Azure RBAC | Microsoft
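
One way to make the Reader assignment described in the answer above with the Azure CLI, added here as an example and not part of the original answer. The function names, the `DRY_RUN` switch, the principal and the IDs are assumptions made for illustration; the resource group scope is the narrower of the two and is used when a group name is given.

```bash
#!/usr/bin/env bash
# Added example: grant Reader at the narrowest scope that covers the need.
# All principals and IDs used with these functions are constructed placeholders.

# Build an Azure RBAC scope string: subscription scope, or resource group
# scope when a group name is given (narrower, so preferred when sufficient).
reader_scope() {
  local sub="$1" rg="${2:-}"
  # Subscription IDs are GUIDs; reject anything else before it reaches az.
  if ! printf '%s' "$sub" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
    echo "invalid subscription id: $sub" >&2
    return 1
  fi
  if [ -n "$rg" ]; then
    printf '/subscriptions/%s/resourceGroups/%s\n' "$sub" "$rg"
  else
    printf '/subscriptions/%s\n' "$sub"
  fi
}

# Assign Reader to a principal, then list the roles that principal holds at
# that scope so the result can be checked.
# With DRY_RUN=1 the az commands are printed instead of executed.
grant_reader() {
  local assignee="$1" scope run=""
  scope="$(reader_scope "$2" "${3:-}")" || return 1
  [ "${DRY_RUN:-0}" = "1" ] && run="echo"
  $run az role assignment create --assignee "$assignee" --role Reader --scope "$scope" || return 1
  $run az role assignment list --assignee "$assignee" --scope "$scope" \
    --query "[].roleDefinitionName" --output tsv
}

# Example call (constructed values):
#   DRY_RUN=1 grant_reader secadmin@example.com 00000000-0000-0000-0000-000000000000 rg-prod
```

Running the assignment for real requires an identity that is itself allowed to create role assignments at that scope.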