Jan 15 2023 09:01 PM
Hi,
I am having a permissions issue with getting the playbook template ‘Run-MDEAntivirus’ working. So far I have:
Steps using the Sentinel connector inside the Logic app work (these all have green tickets and contain the expected data). The first MDE step ‘Machines - Get a Single Machine’ fails with a 403 error. Message it returns is ‘Missing application roles. API required roles: Machine.Read.All,Machine.ReadWrite.All, application roles ‘Machine.Scan’.
I am not clear where I need to add those privileges. My understanding is the Logic App is using the wdatp-Run-MDEAntivirus API connection which in turn is using the Managed Identity (that has the right privileges). Any suggestions on what to do next would be welcome.
Cheers,
Michael
Jul 20 2023 08:14 AM
Jul 25 2023 04:53 AM