MSSP Automation Rule Permissions

Occasional Contributor

I recently saw the updates made to the permissions required to leverage the Automation Rules for MSSP providers/customers as outlined here: https://docs.microsoft.com/en-us/azure/sentinel/automate-incident-handling-with-automation-rules#per...

Is it possible to have a playbook hosted in the customer's tenant, such as the Block-AAD playbook, and run it against rules configured in the service provider tenant with this model? 

In the documentation it describes the opposite process - running playbooks hosted in the service provider tenant against customer tenants.

0 Replies