Javier-Soriano
I hope you don't mind me throwing this question in here.
I need to use a Managed Identity with a Sentinel Logic App that writes to a watchlist.
But I don't know the permissions needed for that managed identity.
e.g.:
https://github.com/Azure/Azure-Sentinel/tree/master/Playbooks/Watchlist-Add-IPToWatchList
Here's the PowerShell that should work, but I'm missing 2 important pieces - in bold below:
# Object ID of the Logic App's managed identity (the principal receiving the permission)
$MIGuid = "<my managed identity ID>"
$MI = Get-AzureADServicePrincipal -ObjectId $MIGuid

# App ID of the resource (API) that exposes the app role
$MDEAppId = "<What is the App ID for Sentinel or SecurityInsights or ??>"
# Value of the app role (permission) to grant
$PermissionName = "<what is the permission for writing to Sentinel/watchlist?>"

# Service principal of that resource in this tenant
$MDEServicePrincipal = Get-AzureADServicePrincipal -Filter "appId eq '$MDEAppId'"

# Pick the app role that may be assigned to applications (not users)
$AppRole = $MDEServicePrincipal.AppRoles |
    Where-Object { $_.Value -eq $PermissionName -and $_.AllowedMemberTypes -contains "Application" }

# Assign the app role to the managed identity
New-AzureADServiceAppRoleAssignment -ObjectId $MI.ObjectId -PrincipalId $MI.ObjectId `
    -ResourceId $MDEServicePrincipal.ObjectId -Id $AppRole.Id