Forum Discussion

Copper Contributor

Jan 26, 2022

Unable to connect Azure Devops Repo to customer Sentinel

Hello all! I trying to setup the new Microsoft Sentinel Repos in an MSSP environment. I have a Devops repo in my tenant, and Lighthouse access to a test 'customer' tenant. I've tried all of the fo...

bradleyfell

Copper Contributor

Jan 30, 2022

Hi gsk256, tomsolari_kmt

To solve your Lighthouse woes 🙂

Owner Grants full access to manage all resources, including the ability to assign roles in Azure RBAC. 8e3af657-a8ff-443c-a75c-2fe8c4bcb635

gsk256

Copper Contributor

Jan 31, 2022

Hey bradleyfell
Are you saying I can grant Owner rights via RBAC? I didn't see that option in the template builder for Lighthouse. Do I need to scope the role to a Resource Group instead of a subscription?

bradleyfell
Copper Contributor
Feb 01, 2022
Update:
Just tried to test this for myself, I was largely mistaken -
That stinks...
- bradleyfell
  Copper Contributor
  Feb 06, 2022
  Bump, anyone have a solution?
  Microsoft working on this?
  Workaround for now is to use GitHub.
  - danielmangan
    Copper Contributor
    Feb 23, 2022
    bradleyfell, we're trying to connect a GitHub repo to a Sentinel instance from an MSSP subscription into an onboarded 'customer' subscription, but coming across the same permission problem. Is there a specific permission we need to delegate in order to make this work, without having to go through the b2b invite/owner role assignment at the rg level? Any clues greatly appreciated.
bradleyfell
Copper Contributor
Jan 31, 2022
Correct,
should look something like this:

{
"principalId": "",
"roleDefinitionId": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
"principalIdDisplayName": "[Your Naming Convention]"
},

Update: Owner role is not supported with Lighthouse