Forum Discussion

fm1984's avatar
fm1984
Copper Contributor
Feb 06, 2020

Azure Sentinel with Lighthouse

We have deployed Azure Lighthouse to manage Azure Sentinel with Azure Sentinel Contributor and Azure Logic App Contributor roles.  we can access client's Sentinel. We've got a few incidents now. we ...
lmpalermo's avatar
lmpalermo
Copper Contributor
Jun 25, 2020

GaryBushey 

Thanks for the info.  This is what we are seeing.  In the customer tenant, security user can see who is assigned an incident.  In the Lighthouse tenant, he can not see who is assigned, even though he has privileges' in the customer tenant.  Assigning Directory Reader in the customer tenant does not allow the user to see any users assigned.

GaryBushey's avatar
GaryBushey
Bronze Contributor
Jun 25, 2020

lmpalermo That is what I would expect.  Even if you are using the same account in your own tenant and in the customer's tenant, Lighthouse doesn't check to see what rights that account has on the customer's tenant.  It only checks to see what rights have been granted via the ARM Template used to enable Lighthouse (and you cannot assign Directory Reader via Lighthouse).

 

If you need to assign customers to incidents, then Lighthouse will not work for you and you will need to login to the customer's tenant directly.

  • lmpalermo's avatar
    lmpalermo
    Copper Contributor
    Jun 25, 2020

    GaryBushey 

     

    That is what we expected.  So we wouldn't be able to see Owner either, correct?

    • GaryBushey's avatar
      GaryBushey
      Bronze Contributor
      Jun 26, 2020

      lmpalermo That is correct.  You don't have permission to translate the GUID to a username

Resources