There have been some enhancements to the permissions available to apply as roles to the Azure Sentinel service and some new recommendations that are worth highlighting here. These enhancements have filtered into our documentation without any fanfare, so they are easy to miss.
Azure Sentinel Automation Contributor allows Azure Sentinel to add playbooks to automation rules. It is not meant for user accounts.
Guest users assigning incidents – If a guest user needs to be able to assign incidents, then in addition to the Azure Sentinel Responder role, the user will also need to be assigned the role of Directory Reader. Note that this role is not an Azure role but an Azure Active Directory role, and that regular (non-guest) users have this role assigned by default.
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Azure Sentinel Newsletter]