AAD Risky User Playbook Authorization Reqest Denied

%3CLINGO-SUB%20id%3D%22lingo-sub-2242974%22%20slang%3D%22en-US%22%3EAAD%20Risky%20User%20Playbook%20Authorization%20Reqest%20Denied%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2242974%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENew%20to%20Azure%20Sentinel%2C%20setting%20up%20the%20AAD%20Risky%20User%20Playbook.%26nbsp%3B%20I%20did%20the%20app%20registration.%26nbsp%3B%20Not%20sure%20how%20to%20connect%20the%20registration%20to%20Playbook.%26nbsp%3B%20When%20I%20ran%20the%20playbook%20I%20got%20the%20following%20error%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22jbender_0-1617044762281.png%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F267985iD19B9E7158E8A1FC%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22jbender_0-1617044762281.png%22%20alt%3D%22jbender_0-1617044762281.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20what%20the%20issue%20may%20be%3F%26nbsp%3B%20Thanks%20for%20your%20help.%26nbsp%3B%20--James%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2243878%22%20slang%3D%22en-US%22%3ERe%3A%20AAD%20Risky%20User%20Playbook%20Authorization%20Reqest%20Denied%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2243878%22%20slang%3D%22en-US%22%3EWhat%20permissions%20did%20you%20provide%20to%20the%20app%20registration%3F%20Can%20you%20provide%20us%20a%20screenshot%3C%2FLINGO-BODY%3E
New Contributor

Hello,

 

New to Azure Sentinel, setting up the AAD Risky User Playbook.  I did the app registration.  Not sure how to connect the registration to Playbook.  When I ran the playbook I got the following error:

 

jbender_0-1617044762281.png

Does anyone know what the issue may be?  Thanks for your help.  --James

6 Replies
What permissions did you provide to the app registration? Can you provide us a screenshot
Permissions look okay to me! You have configuration authentication within that HTTP action in the Playbook? Could you share it (with the secret removed ofcourse)

Is this what you want to see?

 

 

@Thijs Lecomte 

 

 

jbender_0-1617225893998.png

jbender_1-1617225927124.png

 

 

Have you given the Managed Identity the correct permissions/role?
Right now you are not utilizing the app registration you showed in a previous step.
You should either:
- Provide the correct permissions to the Managed Identity (https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/how-to-ma...)
- Use the app registration for authentication (use the Active Directory OAuth authentication option)
Thanks, let me make some changes and try it out.