Forum Discussion
Azure Sentinel Multi tenant/MSSP Playbooks
Microsoftpavankemi please watch this webinar as a first step: Azure Sentinel webinar: MSSP and Distributed Organization Support - YouTube
let us know if you have further questions after watching
Javier-Soriano We are trying to do something similar as AdamJones. We have Lighthouse setup to manage our clients workspaces and have some Playbooks we would like consistent across our workspaces, such as being able to send email alerts from an incident.
We have noticed that we can attach playbooks that are created under other organizations but we cannot attach any playbooks that are within the MSSP tenant, they just don't appear in the list. We do have the subscription selected, that should not be the issue there.
The only explanation I can think of is that we have to onboard ourselves into Lighthouse, if that is even possible.
Any insight here would be helpful.
Thanks,
Mike
- Javier-Soriano
mperrotta you should be able to select a playbook in the MSSP tenant as an automatic response to an analytics rule created in the customer tenant. If you don't see those playbooks, it could be because you're lacking permissions to see the resource group where the playbooks are located or because you don't have a Logic App role granted in the MSSP tenant (or both!)
Javier-Soriano Thanks, I finally found the role that was required, the Monitoring Reader ro
