Azure Sentinel Automation (Preview) - Issue with Permission assignment
Javier-Soriano Hi Javier, yes, it is through an Azure Lighthouse setup.
- Javier-Soriano, Jun 14, 2021, Microsoft
Ok, that requires additional permissions. You need to grant Azure Sentinel Automation Contributor permissions to the Azure Security Insights app in the service provider tenant, to the RG where the playbooks are in the customer tenant. So basically you need to include this additional authorization in your Azure Lighthouse delegation.
Regards
- AliAhmedDar, Oct 23, 2023, Copper Contributor
I am managing a customer's Sentinel and want to run response playbooks from under the Incidents tab.
None of the resources are in my Sentinel; in fact, I do not have any Sentinel deployed. Do I still need to delegate the Automation Contributor role to the Azure Security Insights app?
If yes, I do not see it in the Enterprise applications menu.
- PrashTechTalk, Jun 14, 2021, Brass Contributor
Perfect. Very same response from your support team as well on this issue. Good to highlight this in the documentation, or it may have improved from the time this issue was raised.
There are two main scenarios when managing cross-tenant automation rules:
• Automation rule created in the customer tenant is configured to run a playbook located in the service provider tenant. This approach is normally used to protect intellectual property in the playbook. Nothing special is required for this scenario to work. Just grant permissions to the relevant resource group where the playbook is located via Manage playbook permissions menu as explained here.
• Automation rule created in the customer tenant is configured to run a playbook located in the customer tenant. Used when there is no need to protect intellectual property. For this scenario to work, permissions to execute the playbook need to be granted to Azure Sentinel in both tenants. In the customer tenant, you grant them via Manage playbook permissions menu as explained here. To grant the relevant permissions to the service provider tenant, you need to include the Azure Security Insights app in your Azure Lighthouse delegation template with the Azure Sentinel Automation Contributor role. The scenario looks like this:
- Javier-Soriano, Jun 14, 2021, Microsoft
Yes, we're adding this to the official docs this week.
- Thijs Lecomte, Jun 14, 2021, Bronze Contributor
That's interesting, Javier, because we didn't need to do this.
- Javier-Soriano, Jun 14, 2021, Microsoft
Thijs, did you create the automation rules while logged in the service provider tenant?
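
Added example, not part of the thread or of Microsoft's documentation: a pre-deployment check that an Azure Lighthouse resource-group delegation parameter file grants the Azure Sentinel Automation Contributor role to the Azure Security Insights app, as described above for playbooks that live in the customer tenant. It assumes the parameter layout of the Azure Lighthouse sample templates (`rgName`, `authorizations`); the object IDs, the resource group name and the function name are placeholders made up for illustration.

```python
import copy

# Built-in role ID of "Azure Sentinel Automation Contributor" (today named
# "Microsoft Sentinel Automation Contributor"); confirm it in your role list.
AUTOMATION_CONTRIBUTOR = "f4c81013-99ee-4d62-a7ee-b3f1f648599a"

# Placeholders (assumptions): object ID of the Azure Security Insights
# enterprise app in the service provider tenant, and an analyst group.
APP_OBJECT_ID = "00000000-0000-0000-0000-0000000000a1"
ANALYST_GROUP_ID = "00000000-0000-0000-0000-0000000000b2"


def audit_delegation(params, app_object_id, playbook_rg):
    """Return a list of findings for a resource-group delegation parameter file."""
    p = params.get("parameters", {})
    findings = []
    rg = p.get("rgName", {}).get("value")
    if rg is None or rg.lower() != playbook_rg.lower():
        findings.append(f"delegation targets {rg!r}, not playbook RG {playbook_rg!r}")
    auths = p.get("authorizations", {}).get("value", [])
    holders = {a.get("principalId", "").lower() for a in auths
               if a.get("roleDefinitionId", "").lower() == AUTOMATION_CONTRIBUTOR}
    if app_object_id.lower() not in holders:
        detail = "granted only to other principals" if holders else "not granted"
        findings.append(f"Automation Contributor for Azure Security Insights app: {detail}")
    return findings


# Constructed sample: the role went to the analysts, not to the app.
INCOMPLETE = {"parameters": {
    "rgName": {"value": "rg-customer-playbooks"},
    "authorizations": {"value": [
        {"principalId": ANALYST_GROUP_ID,
         "roleDefinitionId": AUTOMATION_CONTRIBUTOR,
         "principalIdDisplayName": "SOC analysts"},
    ]},
}}

# Same delegation with the authorization the thread calls for added.
COMPLETE = copy.deepcopy(INCOMPLETE)
COMPLETE["parameters"]["authorizations"]["value"].append(
    {"principalId": APP_OBJECT_ID,
     "roleDefinitionId": AUTOMATION_CONTRIBUTOR,
     "principalIdDisplayName": "Azure Security Insights"})

if __name__ == "__main__":
    for name, doc in (("incomplete", INCOMPLETE), ("complete", COMPLETE)):
        print(name, audit_delegation(doc, APP_OBJECT_ID, "rg-customer-playbooks"))
```

The `principalId` has to be the object ID of the app's service principal in the service provider tenant, not its application (client) ID.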