Azure Sentinel - Run Antivirus Scan using Logic App

Hey @HA01329.

So your managed identity will have Scan permissions now. There's an issue with the PowerShell and the $PermissionName variable (line 3) is what needs to be changed to fix the other two perm assignments.

My PowerShell isn't that good so we are going to take the noob way out. Run the code two more times and change line 3 from $PermissionName = 'Machine.Scan' to $PermissionName = 'Machine.Read.All' on run 1 and $PermissionName = 'Machine.ReadWrite.All' on run 2.

This will flag errors but when you view the managed identity it will then have all permissions required. I will probably get giggled at for the above but its a workaround until I look into PowerShell more!

(I had a quick look into the perms, and Machine.Scan should include the read perms anyway and Machine.ReadWrite.All shouldn't be needed as I don't believe the logic app includes tagging etc? So this logic app/playbook should now work without you running the code 2 more times for the extra perms, but to leave out any doubts and link with the prereqs I've included the work around anyway)

Have a good weekend 🙂