История

liortamirmicrosoft c9df239eab Auto Connect ASC New commit with a folder including a readme		2020-05-17 17:09:41 +03:00
..
azuredeploy.json	Auto Connect ASC	2020-05-17 17:09:41 +03:00
readme.md	Auto Connect ASC	2020-05-17 17:09:41 +03:00

readme.md

AutoConnect-ASCSubscriptions

author: Lior Tamir

The playbook is triggered on a scheduled basis. It is running on behalf of a registered Azure AD application, which monitors a certain management group. For each subscription this app has access to, if the subscription doesn't have an Azure Security Center connection enabled, a connection to Azure Sentinel is created.

The registered application needs to have the following RBAC Roles:

Security Reader Role on the Management Group which ASC subscriptions are under. This is required for listing all available subscriptions, including new ones which are not connected yet. In some organizations, it is the Root Management Group.
Azure Sentinel Contributor Role on the Azure Sentinel workspace. This is required for checking if a connection exists for a certain subscription, and for creating the connection rule from a not connected subscription to Azure Sentinel.

Documentation references:

Azure Management groups as containers of subscriptions to monitor

Learn more about Azure Management Groups

Azure Active Directory registered application, assigned with RBAC roles

Learn more about applications in Azure Active Directory.