May 29 2021 12:29 PM
Does anyone have any ideas about how the ABAC functionality could be leveraged for a SOC team that is using Azure Sentinel?
May 30 2021 06:39 AM - edited May 30 2021 06:40 AM
@Dean Gross Haven't really thought it all through but I can see granting access to certain Azure Lighthouse groups for customer access based on attributes (not sure if that would be easier than granting access to the group or not)
You could also setup table level access control and use attributes to determine who can access that (I think): Manage access to Azure Sentinel data by resource | Microsoft Docs