Skip to content

Enhance role assignment details for Microsoft Sentinel onboarding#531

Open
Khadinxc wants to merge 1 commit into
MicrosoftDocs:publicfrom
Khadinxc:public
Open

Enhance role assignment details for Microsoft Sentinel onboarding#531
Khadinxc wants to merge 1 commit into
MicrosoftDocs:publicfrom
Khadinxc:public

Conversation

@Khadinxc

@Khadinxc Khadinxc commented Jul 3, 2026

Copy link
Copy Markdown

This pull request updates the onboarding requirements for Microsoft Sentinel in the Defender portal documentation. The main change is a clarification and expansion of the required scope for role assignments, specifying the necessary scopes for each role involved in the onboarding process.

Role assignment scope clarification:

  • The "Scope" column for onboarding Microsoft Sentinel now specifies that the Owner role requires a subscription scope, while the User Access Administrator requires a subscription scope and the Microsoft Sentinel Contributor requires a resource group scope. This clarifies the minimum scope needed for each role during onboarding.Updated role requirements for onboarding Microsoft Sentinel to include additional subscription and resource group conditions.

Updated role requirements for onboarding Microsoft Sentinel to include additional subscription and resource group conditions.
@prmerger-automator

Copy link
Copy Markdown
Contributor

@Khadinxc : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod

Copy link
Copy Markdown
Contributor

Learn Build status updates of commit 7f1796f:

✅ Validation status: passed

File Status Preview URL Details
unified-secops-platform/microsoft-sentinel-onboard.md ✅Succeeded

For more details, please refer to the build report.

@v-dirichards

Copy link
Copy Markdown
Contributor

@mberdugo

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator Bot added the aq-pr-triaged Tracking label for the vendor PR Review team label Jul 8, 2026
@prmerger-automator

Copy link
Copy Markdown
Contributor

@Khadinxc : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request updates the Microsoft Sentinel onboarding prerequisites in Defender portal documentation to better specify the minimum Azure RBAC scope required for each role option used during onboarding.

Changes:

  • Expanded the Scope guidance for the onboarding task to differentiate subscription vs. resource group requirements by role.
  • Clarified the role-assignment scope expectations when using the alternative role combination (User Access Administrator + Microsoft Sentinel Contributor).

|Task |Microsoft Entra or Azure built-in role required |Scope |
|---------|---------|---------|
|**Onboard Microsoft Sentinel to the Defender portal**<sup>1</sup>| At least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) in Microsoft Entra ID <br><br> [Owner](/azure/role-based-access-control/built-in-roles#owner) (unconditional role assignment)<br> OR <br>[User Access Administrator](/azure/role-based-access-control/built-in-roles#user-access-administrator) and [Microsoft Sentinel Contributor](/azure/role-based-access-control/built-in-roles#microsoft-sentinel-contributor) |Tenant<br><br><br>- Subscription for Owner role|
|**Onboard Microsoft Sentinel to the Defender portal**<sup>1</sup>| At least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) in Microsoft Entra ID <br><br> [Owner](/azure/role-based-access-control/built-in-roles#owner) (unconditional role assignment)<br> OR <br>[User Access Administrator](/azure/role-based-access-control/built-in-roles#user-access-administrator) and [Microsoft Sentinel Contributor](/azure/role-based-access-control/built-in-roles#microsoft-sentinel-contributor) |Tenant<br><br><br>- Subscription for Owner role<br> OR <br>- Subscription for User Access Administrator<br>- Resource Group for Microsoft Sentinel Contributor|
|Task |Microsoft Entra or Azure built-in role required |Scope |
|---------|---------|---------|
|**Onboard Microsoft Sentinel to the Defender portal**<sup>1</sup>| At least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) in Microsoft Entra ID <br><br> [Owner](/azure/role-based-access-control/built-in-roles#owner) (unconditional role assignment)<br> OR <br>[User Access Administrator](/azure/role-based-access-control/built-in-roles#user-access-administrator) and [Microsoft Sentinel Contributor](/azure/role-based-access-control/built-in-roles#microsoft-sentinel-contributor) |Tenant<br><br><br>- Subscription for Owner role|
|**Onboard Microsoft Sentinel to the Defender portal**<sup>1</sup>| At least a [Security Administrator](/entra/identity/role-based-access-control/permissions-reference#security-administrator) in Microsoft Entra ID <br><br> [Owner](/azure/role-based-access-control/built-in-roles#owner) (unconditional role assignment)<br> OR <br>[User Access Administrator](/azure/role-based-access-control/built-in-roles#user-access-administrator) and [Microsoft Sentinel Contributor](/azure/role-based-access-control/built-in-roles#microsoft-sentinel-contributor) |Tenant<br><br><br>- Subscription for Owner role<br> OR <br>- Subscription for User Access Administrator<br>- Resource Group for Microsoft Sentinel Contributor|
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants