I often ran into a scenario where I granted the permissions “Log Analytics Reader” and “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” to users from the Log Analytics workspace.
But when the users log into the Azure Portal, they can't see the Sentinel workspace. The Log Analytics workspace is visible to them, but they still can't see the ‘Microsoft Sentinel Workspace’.
Resolution

Permissions like “Microsoft Sentinel Reader” or “Microsoft Sentinel Responder” should be granted on the resource group that hosts the Microsoft Sentinel workspace. This way, the roles apply to all the resources that support Microsoft Sentinel, as these resources are placed in the same resource group.
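To find existing assignments that hit this problem, the following added example (not part of the original post) scans role assignments in the JSON shape returned by `az role assignment list --all -o json` and reports Sentinel roles scoped to a workspace instead of its resource group. The subscription ID, resource names and users are constructed placeholders, and management-group scopes are assumed not to be in play.

```python
import re

SENTINEL_ROLES = {"Microsoft Sentinel Reader", "Microsoft Sentinel Responder"}
# Scope of a Log Analytics workspace; group 1 is the hosting resource group.
WORKSPACE_SCOPE = re.compile(
    r"^(/subscriptions/[^/]+/resourceGroups/[^/]+)"
    r"/providers/Microsoft\.OperationalInsights/workspaces/[^/]+$",
    re.IGNORECASE,
)

# Constructed sample data (placeholder subscription, names and users).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG = SUB + "/resourceGroups/rg-sentinel"
WS = RG + "/providers/Microsoft.OperationalInsights/workspaces/law-sentinel"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Log Analytics Reader", "scope": WS},
    {"principalName": "alice@example.com", "roleDefinitionName": "Microsoft Sentinel Reader", "scope": WS},
    {"principalName": "bob@example.com", "roleDefinitionName": "Microsoft Sentinel Responder", "scope": RG},
    {"principalName": "carol@example.com", "roleDefinitionName": "Microsoft Sentinel Reader", "scope": WS},
    {"principalName": "carol@example.com", "roleDefinitionName": "Microsoft Sentinel Reader", "scope": SUB},
]

def covers(scope, target):
    """True if an assignment at `scope` is inherited by `target` (IDs are case-insensitive)."""
    s, t = scope.lower().rstrip("/"), target.lower()
    return t == s or t.startswith(s + "/")

def misplaced_sentinel_assignments(assignments):
    """Return (principal, role, resource_group_scope) for Sentinel roles granted
    only on the workspace, with no matching grant at the resource group or above."""
    findings = []
    for a in assignments:
        m = WORKSPACE_SCOPE.match(a["scope"])
        if a["roleDefinitionName"] not in SENTINEL_ROLES or not m:
            continue
        rg_scope = m.group(1)
        inherited = any(
            b["principalName"] == a["principalName"]
            and b["roleDefinitionName"] == a["roleDefinitionName"]
            and covers(b["scope"], rg_scope)
            for b in assignments
        )
        if not inherited:
            findings.append((a["principalName"], a["roleDefinitionName"], rg_scope))
    return findings

if __name__ == "__main__":
    for principal, role, rg_scope in misplaced_sentinel_assignments(SAMPLE):
        print(f"{principal}: re-assign '{role}' at {rg_scope}")
```

Each finding names the resource group scope at which the role should be re-assigned.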