Access Required to Adjust Azure Sentinel Permissions to Run Playbooks

This is an area that’s not highlighted anywhere in particular – or, at least not highlighted well enough – but the question does come up quite a bit.

Q: What role or access is required to enable or modify the ability for Azure Sentinel to run Playbooks?

This question comes up after an Azure Sentinel user with any of the specific roles applied – including Contributor – attempts to access the Playbooks Permissions area in Azure Sentinel console settings and gets a nasty No Permissions message.

Boo-hoo…no permissions…
Configure permissions

This permissions adjustment can ONLY be made by the OWNER of the Resource Group that the logged-in user is attempting to apply permissions to.

What does this actually do?

When the Configure Permissions button is used, it adds the ‘Azure Sentinel Automation Contributor’ role to an app account called “Azure Security Insights” on the resource group.

Azure Security Insights account

And, btw…DO NOT give a user the ‘Azure Sentinel Automation Contributor’ role. This role is not designed for user accounts. Applying this role to a user will keep the specific user from having access to use Playbooks with Automation Rules.
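
One way to check both points against an export of role assignments, as an added example that is not part of the original post: it reports whether the Azure Security Insights app holds the role on a resource group and which user accounts hold it, including assignments inherited from the subscription. The record fields, sample principals, resource group names and placeholder subscription ID are assumptions constructed for illustration.

```python
ROLE = "Azure Sentinel Automation Contributor"  # role name as written on this page
APP = "Azure Security Insights"                 # app account named on this page
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed placeholder

# Constructed sample. The record shape (principal/type/role/scope) is an
# assumption; map your own role-assignment export onto it.
SAMPLE = [
    {"principal": APP, "type": "ServicePrincipal", "role": ROLE,
     "scope": SUB + "/resourceGroups/rg-sentinel"},
    {"principal": "alice@contoso.example", "type": "User", "role": ROLE,
     "scope": SUB},  # subscription scope, inherited by every resource group
    {"principal": "bob@contoso.example", "type": "User", "role": "Contributor",
     "scope": SUB + "/resourceGroups/rg-sentinel"},
]


def applies_to(scope, rg_scope):
    """True if an assignment at `scope` is effective on the resource group."""
    scope, rg_scope = scope.rstrip("/").lower(), rg_scope.rstrip("/").lower()
    return rg_scope == scope or rg_scope.startswith(scope + "/")


def audit(assignments, rg_scope):
    """Report who holds ROLE on one resource group, directly or by inheritance."""
    held = [a for a in assignments
            if a["role"] == ROLE and applies_to(a["scope"], rg_scope)]
    return {
        # What the Configure Permissions button is described as setting up.
        "app_has_role": any(a["type"] == "ServicePrincipal" and a["principal"] == APP
                            for a in held),
        # What the page warns against: the role sitting on a user account.
        "users_with_role": sorted(a["principal"] for a in held if a["type"] == "User"),
    }


if __name__ == "__main__":
    for rg in ("rg-sentinel", "rg-playbooks"):
        print(rg, audit(SAMPLE, SUB + "/resourceGroups/" + rg))
```

A resource group where `app_has_role` is false still needs its Owner to use Configure Permissions, and any entry in `users_with_role` is an assignment to remove.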
