Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Azure Sentinel Workbook & Azure Dashboard Sharing to external B2B guest users

Brass Contributor

Hi,

 

I am trying to share Azure Sentinel Workbooks (custom) & as well as Azure Dashboards to external guest users i.e. Azure B2B user accounts but not able to share it.

 

I get error even after of assigning appropriate RBAC roles (mostly tried Azure Log analytics Reader, Azure Sentinel Reader & Reader) at different levels.  

 

Please note: This sharing is for external B2B users.

Appreciate your response.

 

Thanks.

6 Replies

@PrashTechTalk Just a thought but have you tried to copy the Azure Sentinel workbooks to the Log Analytics workbooks and see if that works?

best response confirmed by PrashTechTalk (Brass Contributor)
Solution

@Prash915 

 

So rather than Share, use EDIT and then Advanced Edit, to download a copy of the JSON (or ARM) to the user.  Then get them to import the workbook.  https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md for Import / Export info

 

Annotation 2020-03-30 194510.jpg 

@Gary Bushey - Thankyou & Appreciate your response..I will give a try.  Because the objective is to share B2B guests and that i do not want to assign RBAC at subscription level or resource group level i think its not possible to achieve.  As per Microsoft documentation the user should be part of the subscription. 

 

@CliveWatson @  Thanks & Appreciate your response.  This is a brilliant approach but the condition is B2B user should only read the workbook not own it completely or have feasibility to import it & modify.

 

Please correct me if i am wrong..

I am trying to share Azure Sentinel Workbook or Azure Dashboard with read only access to B2B users but i should make sure the actual workload reside in my tenant.

@Gary Bushey  - Hi Gary,

 

I tried your solution works completely fine only when the dashboard is built on customer tenant else they will not see the cross tenant data.  Sadly i had to opt for building workloads on customer tenant for this reason, Also RBAC for dashboard only is not available and had to grant reader access. 

 

Thanks.

@PrashTechTalk OK, I see what you are trying to do now.  Have you looked at Lighthouse where you can grant the customers the rights into your tenant? 

1 best response

Accepted Solutions
best response confirmed by PrashTechTalk (Brass Contributor)
Solution

@Prash915 

 

So rather than Share, use EDIT and then Advanced Edit, to download a copy of the JSON (or ARM) to the user.  Then get them to import the workbook.  https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md for Import / Export info

 

Annotation 2020-03-30 194510.jpg 

View solution in original post