AzRoleAdvertizer

last sync: 2025-Jun-20 17:23:26 UTC

Microsoft Sentinel Responder

Azure BuiltIn RBAC Role definition

NameMicrosoft Sentinel Responder
Microsoft Learn
Id3e150937-b8fe-4cfb-8069-0eaf05ecd056
DescriptionMicrosoft Sentinel Responder
CategorySecurity
Microsoft Learn
CreatedOn2019-08-28 16:54:07 UTC
UpdatedOn2024-04-03 15:49:45 UTC
Permissions summary Effective control plane and data plane operations: 956 (unique operations)
•Action: 21
•Delete: 5
•read: 919
•Write: 11

Actions: 29
Resolved control plane operations from Actions: 961
Effective control plane operations: 956
•Action: 21
•Delete: 5
•read: 919
•Write: 11

NotActions: 4
Resolved control plane operations from NotActions: 7
Effective denied control plane operations: 15741

DataActions: 0
Resolved data plane operations: 0
Effective data plane operations: 0

NotDataActions: 0
Resolved data plane operations from NotDataActions: 0
Effective denied data plane operations: 3565
Actions
Operation Description
Microsoft.Authorization/*/readwildcarded / no description
Microsoft.Insights/alertRules/*wildcarded / no description
Microsoft.Insights/myworkbooks/readno description given
Microsoft.Insights/workbooks/readRead a workbook
Microsoft.OperationalInsights/querypacks/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/analytics/query/actionSearch using new engine.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/dataSources/readGet data source under a workspace.
Microsoft.OperationalInsights/workspaces/query/*/readwildcarded / no description
Microsoft.OperationalInsights/workspaces/query/readRun queries over the data in the workspace
Microsoft.OperationalInsights/workspaces/savedSearches/readGets a saved search query.
Microsoft.OperationsManagement/solutions/readGet exiting OMS solution
Microsoft.Resources/deployments/*wildcarded / no description
Microsoft.Resources/subscriptions/resourceGroups/readGets or lists resource groups.
Microsoft.SecurityInsights/*/readwildcarded / no description
Microsoft.SecurityInsights/automationRules/*wildcarded / no description
Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/actionUndoes an action
Microsoft.SecurityInsights/cases/*wildcarded / no description
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/actionCheck user authorization and license
Microsoft.SecurityInsights/entities/runPlaybook/actionRun playbook on entity
Microsoft.SecurityInsights/incidents/*wildcarded / no description
Microsoft.SecurityInsights/threatIntelligence/bulkTag/actionBulk Tags Threat Intelligence
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/actionAppend tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/indicators/appendTags/actionAppend tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/indicators/query/actionQuery Threat Intelligence Indicators
Microsoft.SecurityInsights/threatIntelligence/indicators/replaceTags/actionReplace Tags of Threat Intelligence Indicator
Microsoft.SecurityInsights/threatIntelligence/queryIndicators/actionQuery Threat Intelligence Indicators
Microsoft.Support/*wildcarded / no description
NotActions
Operation Description
Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*wildcarded / no description
Microsoft.SecurityInsights/cases/*/Deletewildcarded / no description
Microsoft.SecurityInsights/ConfidentialWatchlists/*wildcarded / no description
Microsoft.SecurityInsights/incidents/*/Deletewildcarded / no description
DataActions n/a
NotDataActions n/a
Used in
BuiltIn Policy		 none
History
Date/Time (UTC ymd) (i) Change Change detail
2024-04-04 18:27:29 change: Actions Actions: 'add Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/action'
2024-01-30 18:39:38 change: Actions Actions: 'add Microsoft.SecurityInsights/entities/runPlaybook/action'
2022-08-02 16:33:17 change: DisplayName, Description, NotActions New DisplayName: 'Microsoft Sentinel Responder'
Old DisplayName: 'Azure Sentinel Responder',
New Description: 'Microsoft Sentinel Responder'
Old Description: 'Azure Sentinel Responder',
NotActions: 'add Microsoft.SecurityInsights/ConfidentialWatchlists/*; add Microsoft.OperationalInsights/workspaces/query/ConfidentialWatchlist/*'
2021-08-05 14:48:34 change: Actions Actions: 'add Microsoft.OperationalInsights/querypacks/*/read'
2020-12-08 15:44:03 change: Actions Actions: 'add Microsoft.SecurityInsights/automationRules/*'
2020-11-09 14:42:02 change: NotActions NotActions: 'add Microsoft.SecurityInsights/cases/*/Delete; add Microsoft.SecurityInsights/incidents/*/Delete'
2020-11-04 15:39:11 change: Actions Actions: 'add Microsoft.Insights/myworkbooks/read'
JSON
api-version=2023-07-01-preview
Condition none