top of page

Granted permission “Sentinel Reader” or “Sentinel Responder” but the Sentinel is not visible ?

I often ran in scenario where I granted permission “Log Analytics Reader” and “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” to the users from the Log Analytics workspace.

But when users log into the Azure Portal, they cant see Sentinel workspace. However, Log analytics workspace is visible to them but still they cant see ‘Microsoft Sentinel Workspace’.

Resolution Permissions like “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” should be provided over the resource group that host the Microsoft Sentinel workspace. This way, the roles apply to all the resources that support Microsoft Sentinel, as these resources are placed in the same resource group.

47 views0 comments

Recent Posts

See All

As a member of a Security Operations Center (SOC), one of the key responsibilities is to generate regular reports on incidents. These reports provide valuable insights into the security landscape and

bottom of page