Mar 25 2020 05:47 PM
We are trying to enable the HelpDesk/Support folks to have visibility of the Workbooks (Dashboards) so that they can see details around Azure MFA & Insecure Protocol usage, etc...
What is the best way of achieving this while ensuring that the same users don't have full access to ALL of Sentinel? These users need access/visibility to the Workbooks.
One thought was to use the "Workbooks" from the Azure Portal under AAD > Monitoring location:
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/Workbooks
But this seems to pointing to a different Log Analytics workspace instance?
Or is there a way of achieving this via RBAC or Roles within Sentinel?
Does this make sense?
Mar 25 2020 06:18 PM
It almost looks like the best place to do this is straight out of the Log Anaytics page?
Then share from there? Or is there a better way to do this?
Mar 26 2020 05:07 AM
@David Caddick Your Helpdesk crew will need at least Azure Sentinel reader and Log Analytics reader roles to view the Workbook. Then you can just provide them the "share" link for each Workbook you want them to have access to.