It's worth highlighting a new role that was announced as part of the recent public preview for running Playbooks against Entities and that helps enable this new functionality.
Customers have been asking for this (and other expanded roles) for a long time, so any movement of the needle is welcome.
The new role, Microsoft Sentinel Playbook Operator, enables analysts to run a specific playbook (or every playbook in a Resource Group). It grants Run access only. It does not allow an analyst to edit the Playbook. Additionally, because it is RBAC, groups of Playbooks managed as part of Resource Groups can be assigned to analysts.
Docs: Microsoft Sentinel roles, permissions, and allowed actions
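
As an added example (not from the original post or Microsoft's documentation), this Azure CLI sketch assigns the role at the two scopes described above: a single playbook and a whole Resource Group. The subscription ID, resource group, playbook name and group object IDs are constructed placeholders, and it assumes the assignees are Azure AD groups; it prints the commands for review and runs them only when `APPLY=1` is set.

```bash
#!/usr/bin/env bash
# Added example: run-only playbook access at two different RBAC scopes.
# Every ID and name below is a constructed placeholder.

ROLE="Microsoft Sentinel Playbook Operator"

# Scope that covers every playbook (Logic App) in one resource group.
rg_scope() {            # args: subscription-id resource-group
  printf '/subscriptions/%s/resourceGroups/%s' "$1" "$2"
}

# Scope that covers exactly one playbook.
playbook_scope() {      # args: subscription-id resource-group playbook-name
  printf '%s/providers/Microsoft.Logic/workflows/%s' "$(rg_scope "$1" "$2")" "$3"
}

# Prints the assignment command for review; runs it only when APPLY=1.
grant_playbook_operator() {   # args: group-object-id scope
  if [ "${APPLY:-0}" = "1" ]; then
    az role assignment create --assignee-object-id "$1" \
      --assignee-principal-type Group --role "$ROLE" --scope "$2"
  else
    printf 'az role assignment create --assignee-object-id "%s" --assignee-principal-type Group --role "%s" --scope "%s"\n' "$1" "$ROLE" "$2"
  fi
}

SUB="00000000-0000-0000-0000-000000000000"          # constructed
RG="rg-sentinel-playbooks"                          # constructed
TIER1_GROUP="11111111-1111-1111-1111-111111111111"  # constructed
TIER2_GROUP="22222222-2222-2222-2222-222222222222"  # constructed

# Tier 1 may run one enrichment playbook; tier 2 may run everything in the group.
grant_playbook_operator "$TIER1_GROUP" "$(playbook_scope "$SUB" "$RG" "Enrich-Entity-IP")"
grant_playbook_operator "$TIER2_GROUP" "$(rg_scope "$SUB" "$RG")"
```

Scoping the assignment to the playbook's own resource ID keeps a tier-1 analyst from running any other playbook that later lands in the same Resource Group.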