AAD Risky User Playbook Authorization Reqest Denied

jbender · ‎Mar 29 2021

Hello,

New to Azure Sentinel, setting up the AAD Risky User Playbook. I did the app registration. Not sure how to connect the registration to Playbook. When I ran the playbook I got the following error:

Does anyone know what the issue may be? Thanks for your help. --James

Thijs Lecomte · ‎Mar 29 2021

What permissions did you provide to the app registration? Can you provide us a screenshot

jbender · ‎Mar 30 2021

@Thijs Lecomte

Here you go sir.

Thijs Lecomte · ‎Mar 31 2021

Permissions look okay to me! You have configuration authentication within that HTTP action in the Playbook? Could you share it (with the secret removed ofcourse)

jbender · ‎Mar 31 2021

Is this what you want to see?

@Thijs Lecomte

Thijs Lecomte · ‎Apr 03 2021

Have you given the Managed Identity the correct permissions/role?
Right now you are not utilizing the app registration you showed in a previous step.
You should either:
- Provide the correct permissions to the Managed Identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-ma...)
- Use the app registration for authentication (use the Active Directory OAuth authentication option)

jbender · ‎Apr 05 2021

Thanks, let me make some changes and try it out.

AAD Risky User Playbook Authorization Reqest Denied

AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Re: AAD Risky User Playbook Authorization Reqest Denied

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

AAD Risky User Playbook Authorization Reqest Denied