Task 3.3: Add Role-based permission assignments

In this task you’ll configure roles and permissions for Microsoft Sentinel to access the appropriate services.

The following documents may help you complete this task.


  1. For the Owner permissions, on the upper left, select the hamburger icon, then select Resource groups.

  2. On the Resource groups page, in the list of resource groups select RG1.

  3. On the RG1 pane, in the left navigation select Access control (IAM).

  4. On the RG1 Access control (IAM) page, on the menu, select + Add > Add role assignment.

  5. On the Add role assignment page select the Privileged administrator roles tab.

  6. In the Search by role name, description, or ID search box, search for and select Owner and then select Next.

  7. On the Add role assignment page, on the Members tab select + Select members.

  8. On the Select members panel, in the Search by name or email address search box, search for and select @lab.CloudPortalCredential(User1).Username and then select Select.

  9. On the Add role assignment page, select Next to progress to the Conditions tab.

  10. In the What user can do option select Allow user to assign all roles (highly privileged) and then select Review + assign.

  11. Select Review + assign.

  12. For the Logic App Contributor permissions, on the RG1 Access control (IAM) page, select + Add and then select Add role assignment.

  13. In the Search by role name, description, or ID search box, search for and select Logic App Contributor and then select Next.

  14. On the Add role assignment page, on the Members tab, select + Select members.

  15. On the Select members panel, in the Search by name or email address search box, search for and select @lab.CloudPortalCredential(User1).Username and then select Select.

  16. On the Add role assignment page, select Next.

  17. Select Review + assign.

  18. For the Microsoft Sentinel Contributor permissions, on the RG1 Access control (IAM) page, select + Add and then select Add role assignment.

  19. In the Search by role name, description, or ID search box, search for and select Microsoft Sentinel Contributor, and then select Next.

  20. On the Add role assignment page, on the Members tab, set the Assign access to field to Managed identity and then select + Select members.

  21. On the Select managed identities panel in the Managed identity field select Logic app (1).

  22. Select the managed identity Add-HostToWatchlist-IncidentTrigger and then select Select.

  23. On the Add role assignment page, select Next and then select Review + assign.
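
To confirm the three assignments landed at the RG1 scope and nothing else did, the following added example (not part of the original lab) audits the JSON that `az role assignment list --resource-group RG1 --include-inherited --output json` returns. The sample data, subscription ID and principal names are constructed placeholders, and the `EXPECTED` and `CAN_ASSIGN` sets are assumptions drawn from the steps above.

```python
import json

# Role / principal-type pairs this task assigns at the RG1 scope.
EXPECTED = {
    ("Owner", "User"),
    ("Logic App Contributor", "User"),
    ("Microsoft Sentinel Contributor", "ServicePrincipal"),  # managed identity
}
# Roles that can grant access to others; worth a second look when unconditioned.
CAN_ASSIGN = {"Owner", "User Access Administrator"}

# Constructed sample (placeholder subscription ID and names), not real output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/RG1"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Owner", "principalType": "User",
     "principalName": "user1@example.com", "scope": RG, "condition": None},
    {"roleDefinitionName": "Logic App Contributor", "principalType": "User",
     "principalName": "user1@example.com", "scope": RG, "condition": None},
    {"roleDefinitionName": "Microsoft Sentinel Contributor",
     "principalType": "ServicePrincipal",
     "principalName": "Add-HostToWatchlist-IncidentTrigger", "scope": RG,
     "condition": None},
    {"roleDefinitionName": "Contributor", "principalType": "Group",
     "principalName": "ops-team", "scope": SUB, "condition": None},
])

def audit(raw_json, rg_name):
    """Return (missing, unexpected, unconditioned) for one resource group."""
    suffix = "/resourcegroups/" + rg_name.lower()
    seen, unexpected, unconditioned = set(), [], []
    for a in json.loads(raw_json):
        role, who = a["roleDefinitionName"], a.get("principalName", "")
        key = (role, a["principalType"])
        if a["scope"].lower().endswith(suffix) and key in EXPECTED:
            seen.add(key)
        else:
            # Inherited from a parent scope, or not part of this task.
            unexpected.append((role, who, a["scope"]))
        if role in CAN_ASSIGN and not a.get("condition"):
            unconditioned.append((role, who))
    return sorted(EXPECTED - seen), unexpected, unconditioned

if __name__ == "__main__":
    missing, unexpected, unconditioned = audit(SAMPLE, "RG1")
    print("missing:", missing)
    print("unexpected:", unexpected)
    print("can assign roles, no condition:", unconditioned)
```

The Owner assignment from step 10 appears in the last list by design, since the lab selects the option without a condition; outside a lab that entry is the one to review first.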