top of page

Granted permission “Sentinel Reader” or “Sentinel Responder” but the Sentinel is not visible ?

I often ran in scenario where I granted permission “Log Analytics Reader” and “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” to the users from the Log Analytics workspace.

But when users log into the Azure Portal, they cant see Sentinel workspace. However, Log analytics workspace is visible to them but still they cant see ‘Microsoft Sentinel Workspace’.

Resolution Permissions like “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” should be provided over the resource group that host the Microsoft Sentinel workspace. This way, the roles apply to all the resources that support Microsoft Sentinel, as these resources are placed in the same resource group.

48 views0 comments

Recent Posts

See All

Optimizing Microsoft Sentinel (SIEM) Environment

In the ever-evolving landscape of cybersecurity, the importance of a well-optimized Sentinel Environment cannot be overstated. As threats continue to morph and adapt, security teams must engage in a c

bottom of page