MicrosoftHi https://www.linkedin.com/feed/hashtag/?keywords=microsoft&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A7122254322897170432 https://www.linkedin.com/feed/hashtag/?keywords=sentinel&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A7122254322897170432 https://www.linkedin.com/feed/hashtag/?keywords=community&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A7122254322897170432
I am acting as a bridge between two companies. I have been able to setup https://www.linkedin.com/feed/hashtag/?keywords=azure&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A7122254322897170432 https://www.linkedin.com/feed/hashtag/?keywords=lighthouse&highlightedUpdateUrns=urn%3Ali%3Aactivity%3A7122254322897170432 to delegate Sentinel management.
But I have an issue currently:
I have set up the delegation with Sentinel Responder, Playbook Operator and Logic App operator role. The service provider is able to modify/assign/update incidents but unable to run the playbooks from under the incidents with the error:
Caller is missing required playbook triggering permissions on playbook resource < playbook-name-here >, or Microsoft Sentinel is missing required permissions to verify the caller has permissions
Can someone tell me how to solve this?
++ some additional info:
I have seen the documentation about Lighthouse permissions on https://lnkd.in/dbegk7cA. but
1. None of the resources are deployed in the service provider's tenant. Infact my tenant doesn't even have a sentinel deployed. Do I still need to assign Azure Security Insights the Automation Contributor permission?
2. If yes, I do not see Azure Security Insights in my Enterprise Applications dashboard.(Do i need to install something extra for this?)
