cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Security Tech Accelerator
Dec 06 2023, 07:00 AM - 12:00 PM (PST)
Microsoft Tech Community
LIVE
Find out more
SOLVED

Problem with Playbook permissions through Lighthouse

pednie
Copper Contributor

‎Oct 03 2023 11:39 PM

‎Oct 03 2023 11:39 PM

Problem with Playbook permissions through Lighthouse

I have two tenants where I test Azure Lighthouse and I'm having playbook permissions trouble while doing this.

In the "customer" tenant I have established Sentinel and Playbooks. In this tenant all permissions have been granted and I can succesfully trigger playbooks manually with the local account. Sentinel and playbooks share the same resoruce group.

Through Lighthouse I have granted the "service provider" tenant these roles to customer's resource group: Microsoft Sentinel Contributor, Logic App Contributor, Managed Services Registration assignment Delete Role, Reader and Template Spec Contributor. I have access to the customer's Sentinel through the service provider tenant , and in the service provider tenant I can succesfully create a playbook.

 

The problem is when I try to manually trigger the playbook I created in the service provider tenant, I receive this error:

"Caller is missing required playbook triggering permissions on playbook resource '[RESOURCE]', or Microsoft Sentinel is missing required permissions to verify the caller has permissions".

 

What permisson do I miss? I can't find any documents that describes what I'm missing.

Labels:
374 Views
0 Likes
3 Replies
Reply
3 Replies
pednie

‎Oct 05 2023 03:30 AM - edited ‎Oct 05 2023 03:31 AM

‎Oct 05 2023 03:30 AM - edited ‎Oct 05 2023 03:31 AM

Re: Problem with Playbook permissions through Lighthouse

Thank you for the articles! I haven't actually found those two articles. I followed the last article and found the relevant information under
"An automation rule created in the customer workspace (while signed into the service provider tenant) is configured to run a playbook located in the customer tenant" which linked to this: https://learn.microsoft.com/en-us/azure/sentinel/tutorial-respond-threats-playbook?tabs=LAC%2Cincide...

Azure Security Insights in service provider tenant was missing Microsoft Sentinel Automation Contributor role. I added the role through Lighthouse and my issue is resolved.

Thank you for help!

0 Likes
Reply
AliAhmedDar

‎Oct 23 2023 08:09 AM

‎Oct 23 2023 08:09 AM

Re: Problem with Playbook permissions through Lighthouse

@pednie i have a question for you and for maybe @Clive_Watson 

I am managing a customer's Sentinel and want to run response playbooks from under the Incidents tab.

None of the resources are in my sentinel, infact I do not have any sentinel deployed. Still do I need to delegate Automation Contributor role to the Azure Security Insights app ? 

If yes, I do not see it the Enterprise applications menu

 

0 Likes
Reply