The Defender Management Portal Installation and Configuration Guide states, as an installation pre-requisite, to "Ensure that you run the installation as a member of the Domain Admins group."
Why is membership in Domain Admins required? Are there specific permissions that can be assigned to a different group to perform the installation?
If installing the Management Portal as a member of the Domain Admins group is not an option, you can assign the permission "Create all child objects" for your user or group on the Computer object in AD for the system where the Management Portal is being installed.
Please note that the user performing the installation must also be a member of the local Administrators group on the system. This same user will also be granted "Full Control" on the 'CN=Quest.Defender.LogReceiver' Service Connection Point in AD once the SCP has been created as part of the installation.
The group assigned the "Administrator" Role in the Management Portal will have "Read permissions" and "Modify permissions" on the Service Connection Point (SCP).