Forum Discussion

Copper Contributor

Mar 29, 2021

AAD Risky User Playbook Authorization Reqest Denied

Hello, New to Azure Sentinel, setting up the AAD Risky User Playbook. I did the app registration. Not sure how to connect the registration to Playbook. When I ran the playbook I got the follow...

Thijs Lecomte

Bronze Contributor

Mar 30, 2021

What permissions did you provide to the app registration? Can you provide us a screenshot

jbender

Copper Contributor

Mar 30, 2021

Thijs Lecomte

Here you go sir.

Thijs Lecomte
Bronze Contributor
Mar 31, 2021
Permissions look okay to me! You have configuration authentication within that HTTP action in the Playbook? Could you share it (with the secret removed ofcourse)
- jbender
  Copper Contributor
  Mar 31, 2021
  Is this what you want to see?
  
  Thijs Lecomte
  - Thijs Lecomte
    Bronze Contributor
    Apr 03, 2021
    Have you given the Managed Identity the correct permissions/role?
    Right now you are not utilizing the app registration you showed in a previous step.
    You should either:
    - Provide the correct permissions to the Managed Identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal)
    - Use the app registration for authentication (use the Active Directory OAuth authentication option)