Open dlaarschot opened 3 years ago
Adding @tianderturpijn @javiersoriano if there is an update on SPN work
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @AzmonLogA.
Author: | dlaarschot |
---|---|
Assignees: | leni-msft, akning-ms |
Labels: | `Monitor - LogAnalytics`, `Service Attention`, `needs-triage`, `question` |
Milestone: | - |
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @chlahav.
Author: | dlaarschot |
---|---|
Assignees: | - |
Labels: | `Security`, `Service Attention`, `question` |
Milestone: | - |
fwiw, I'm experiencing this issue and haven't been able to find a fix for it.
Is there any update on this bug? It's been almost 3 years. Any sort of feedback on whether this is a bug and when it would be taken into account for a fix would be welcome.
I believe this is still an issue, as it is not possible to add this with a User Assigned Managed Identity either, using a Bicep/ARM template. It does not define what permissions are missing, nor could I find anything in the docs.
@EDIT
I think the issue here was that the account deploying those resources did not have an AAD role of Security Administrator - I have since moved to GH Federated Credentials as before I was deploying that over a managed identity over lighthouse, so that eliminated the 'spn not being in the customers tenant' issue for me.
Morning,
I am currently trying to create a new data connector to O365 with the Sentinel API. Using the address https://management.azure.com/subscriptions/**SUB_ID**/resourceGroups/**MYRG**/providers/Microsoft.OperationalInsights/workspaces/**WSNAME**/providers/Microsoft.SecurityInsights/dataConnectors/**GUID**?api-version=2020-01-01.
If I send a PUT request with my auth token then the connector is created and works fine. If we send the request from a service principal login with full access to the Azure Management API and Office 365 I get an unauthorized response. I have used the documentation from https://docs.microsoft.com/en-us/rest/api/securityinsights/dataconnectors/createorupdate which does not indicate what permissions are required for a service principal account to access the API. Are there permissions that are not documented that are required for access to this API, or is this a bug?