Permissions required to grant Sentinel access


Hello,

I am troubleshooting Sentinel access issues on Azure portal - I can access log analytics workspace but not Sentinel workspace.

 

So far the setup is such:

  • Group "Sentinel Users" to which all Sentinel users belong
  • Dedicated Resource Group "RG_Sentinel"; Sentinel Users have Owner level access.
  • At Subscription level (Sub1), Sentinel Users have "Reader" and "Azure Sentinel Contributor"

The selection for "Azure Sentinel Workspaces" (https://portal.azure.com/#blade/Microsoft_Azure_Security_Insights/WorkspaceSelectorBlade) is empty.

But Log Analytics workspace which belongs to the dedicated resource group "RG_Sentinel" and is associated with Sentinel is readily visible and I can use it as you'd expect.

I've checked that Sentinel Workspace belongs to the Sub1 group and the user I'm testing belongs to "Sentinel Users". The user is an external user.

5 Replies

@truekonrads I am not sure about why you don't see the workspace but I have a question as to why you are using an external user like that rather than using Lighthouse? If I were to hazard a guess I would think there is something about the user being external that is causing issues.

@Gary Bushey good call on Lighthouse, we'll look to transition to this. That said, the person who was adding permissions and had Sub Owner permissions also was an external user.

@truekonrads however, Lighthouse isn't the solution in principle I think, because while Sentinel can collect most data, some things in Microsoft security suite don't blend into Lighthouse - such as Win Def ATP, Azure ATA and others. If you have Sentinel and WD ATP, you still need login on customer tenant.

UPDATE: after a fairly extended period of time (several days), this issue resolved itself without anyone doing anything about it. Very annoying but glad it works.

@truekonrads what did you end up doing?