SOLVED

Azure Sentinel Workbook & Azure Dashboard Sharing to external B2B guest users

%3CLINGO-SUB%20id%3D%22lingo-sub-1264252%22%20slang%3D%22en-US%22%3EAzure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1264252%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20share%20Azure%20Sentinel%20Workbooks%20(custom)%20%26amp%3B%20as%20well%20as%20Azure%20Dashboards%20to%20external%20guest%20users%20i.e.%20Azure%20B2B%20user%20accounts%20but%20not%20able%20to%20share%20it.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20get%20error%20even%20after%20of%20assigning%20appropriate%20RBAC%20roles%20(mostly%20tried%20Azure%20Log%20analytics%20Reader%2C%20Azure%20Sentinel%20Reader%20%26amp%3B%20Reader)%20at%20different%20levels.%20%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20note%3A%20This%20sharing%20is%20for%20external%20B2B%20users.%3C%2FP%3E%3CP%3EAppreciate%20your%20response.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1264252%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20Dashboard%20Sharing%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EAzure%20Sentinel%20Workbook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1265243%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1265243%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F516158%22%20target%3D%22_blank%22%3E%40Prash915%3C%2FA%3E%26nbsp%3BJust%20a%20thought%20but%20have%20you%20tried%20to%20copy%20the%20Azure%20Sentinel%20workbooks%20to%20the%20Log%20Analytics%20workbooks%20and%20see%20if%20that%20works%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1265725%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1265725%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F516158%22%20target%3D%22_blank%22%3E%40Prash915%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ESo%20rather%20than%20Share%2C%20use%20EDIT%20and%20then%20Advanced%20Edit%2C%20to%20download%20a%20copy%20of%20the%20JSON%20(or%20ARM)%20to%20the%20user.%26nbsp%3B%20Then%20get%20them%20to%20import%20the%20workbook.%26nbsp%3B%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FCliveW-MSFT%2FKQLpublic%2Fblob%2Fmaster%2FREADME.md%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fgithub.com%2FCliveW-MSFT%2FKQLpublic%2Fblob%2Fmaster%2FREADME.md%3C%2FA%3E%26nbsp%3Bfor%20Import%20%2F%20Export%20info%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Annotation%202020-03-30%20194510.jpg%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F180682i3A9EA55D08763258%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Annotation%202020-03-30%20194510.jpg%22%20alt%3D%22Annotation%202020-03-30%20194510.jpg%22%20%2F%3E%3C%2FSPAN%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1267196%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1267196%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F46875%22%20target%3D%22_blank%22%3E%40Gary%20Bushey%3C%2FA%3E%26nbsp%3B-%20Thankyou%20%26amp%3B%20Appreciate%20your%20response..I%20will%20give%20a%20try.%26nbsp%3B%20Because%20the%20objective%20is%20to%20share%20B2B%20guests%20and%20that%20i%20do%20not%20want%20to%20assign%20RBAC%20at%20subscription%20level%20or%20resource%20group%20level%20i%20think%20its%20not%20possible%20to%20achieve.%26nbsp%3B%20As%20per%20Microsoft%20documentation%20the%20user%20should%20be%20part%20of%20the%20subscription.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1267209%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1267209%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%40%26nbsp%3B%20Thanks%20%26amp%3B%20Appreciate%20your%20response.%26nbsp%3B%20This%20is%20a%20brilliant%20approach%20but%20the%20condition%20is%20B2B%20user%20should%20only%20read%20the%20workbook%20not%20own%20it%20completely%20or%20have%20feasibility%20to%20import%20it%20%26amp%3B%20modify.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPlease%20correct%20me%20if%20i%20am%20wrong..%3C%2FP%3E%3CP%3EI%20am%20trying%20to%20share%20Azure%20Sentinel%20Workbook%20or%20Azure%20Dashboard%20with%20read%20only%20access%20to%20B2B%20users%20but%20i%20should%20make%20sure%20the%20actual%20workload%20reside%20in%20my%20tenant.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1284340%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1284340%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F46875%22%20target%3D%22_blank%22%3E%40Gary%20Bushey%3C%2FA%3E%26nbsp%3B%20-%20Hi%20Gary%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20tried%20your%20solution%20works%20completely%20fine%20only%20when%20the%20dashboard%20is%20built%20on%20customer%20tenant%20else%20they%20will%20not%20see%20the%20cross%20tenant%20data.%26nbsp%3B%20Sadly%20i%20had%20to%20opt%20for%20building%20workloads%20on%20customer%20tenant%20for%20this%20reason%2C%20Also%20RBAC%20for%20dashboard%20only%20is%20not%20available%20and%20had%20to%20grant%20reader%20access.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1284492%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1284492%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F516158%22%20target%3D%22_blank%22%3E%40Prash915%3C%2FA%3E%26nbsp%3BOK%2C%20I%20see%20what%20you%20are%20trying%20to%20do%20now.%26nbsp%3B%20Have%20you%20looked%20at%20Lighthouse%20where%20you%20can%20grant%20the%20customers%20the%20rights%20into%20your%20tenant%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1468648%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Sentinel%20Workbook%20%26amp%3B%20Azure%20Dashboard%20Sharing%20to%20external%20B2B%20guest%20users%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1468648%22%20slang%3D%22en-US%22%3E%3CP%3Ehi%2C%3C%2FP%3E%3CP%3Eplease%20see%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-sentinel%2Fprotecting-mssp-s-intellectual-property-in-azure-sentinel%2Fba-p%2F1420941%22%20target%3D%22_self%22%3Ethis%20link%3C%2FA%3E%2C%20might%20solve%20your%20issue%20.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Contributor

Hi,

 

I am trying to share Azure Sentinel Workbooks (custom) & as well as Azure Dashboards to external guest users i.e. Azure B2B user accounts but not able to share it.

 

I get error even after of assigning appropriate RBAC roles (mostly tried Azure Log analytics Reader, Azure Sentinel Reader & Reader) at different levels.  

 

Please note: This sharing is for external B2B users.

Appreciate your response.

 

Thanks.

6 Replies

@Prash915 Just a thought but have you tried to copy the Azure Sentinel workbooks to the Log Analytics workbooks and see if that works?

Best Response confirmed by Prash915 (Occasional Contributor)
Solution

@Prash915 

 

So rather than Share, use EDIT and then Advanced Edit, to download a copy of the JSON (or ARM) to the user.  Then get them to import the workbook.  https://github.com/CliveW-MSFT/KQLpublic/blob/master/README.md for Import / Export info

 

Annotation 2020-03-30 194510.jpg 

@Gary Bushey - Thankyou & Appreciate your response..I will give a try.  Because the objective is to share B2B guests and that i do not want to assign RBAC at subscription level or resource group level i think its not possible to achieve.  As per Microsoft documentation the user should be part of the subscription. 

 

@Clive Watson @  Thanks & Appreciate your response.  This is a brilliant approach but the condition is B2B user should only read the workbook not own it completely or have feasibility to import it & modify.

 

Please correct me if i am wrong..

I am trying to share Azure Sentinel Workbook or Azure Dashboard with read only access to B2B users but i should make sure the actual workload reside in my tenant.

@Gary Bushey  - Hi Gary,

 

I tried your solution works completely fine only when the dashboard is built on customer tenant else they will not see the cross tenant data.  Sadly i had to opt for building workloads on customer tenant for this reason, Also RBAC for dashboard only is not available and had to grant reader access. 

 

Thanks.

@Prash915 OK, I see what you are trying to do now.  Have you looked at Lighthouse where you can grant the customers the rights into your tenant?