Forum Discussion

Copper Contributor

Mar 29, 2021

AAD Risky User Playbook Authorization Reqest Denied

Hello, New to Azure Sentinel, setting up the AAD Risky User Playbook. I did the app registration. Not sure how to connect the registration to Playbook. When I ran the playbook I got the follow...

jbender

Copper Contributor

Mar 30, 2021

Thijs Lecomte

Here you go sir.

Thijs Lecomte

Bronze Contributor

Mar 31, 2021

Permissions look okay to me! You have configuration authentication within that HTTP action in the Playbook? Could you share it (with the secret removed ofcourse)

jbender
Copper Contributor
Mar 31, 2021
Is this what you want to see?

Thijs Lecomte
- Thijs Lecomte
  Bronze Contributor
  Apr 03, 2021
  Have you given the Managed Identity the correct permissions/role?
  Right now you are not utilizing the app registration you showed in a previous step.
  You should either:
  - Provide the correct permissions to the Managed Identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-manage-ua-identity-portal)
  - Use the app registration for authentication (use the Active Directory OAuth authentication option)
  - jbender
    Copper Contributor
    Apr 05, 2021
    Thanks, let me make some changes and try it out.