Skip to content

TheAlistairRoss Update role requirements for Microsoft Sentinel UEBA prerequisites #127705

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

TheAlistairRoss Update role requirements for Microsoft Sentinel UEBA prerequisites #127705

wants to merge 3 commits into from

Conversation

TheAlistairRoss
Copy link
Contributor

The permissions prerequisites for UEBA were incorrect. Having only Log Analytics contributor or Microsoft Sentinel contributor leads to failures when enabling UEBA as the BehaviourAnalyticsInsights OMS solution would not be deployed. Updated the required permissions with tested combinations, highlighting the least privileged permissions.

@TheAlistairRoss
Update role requirements for Microsoft Sentinel access
9e47d68 
The permissions prerequisites for UEBA was incorrect. Having only Log Analytics contributor or Microsoft Sentinel contributor leads to failures when enabling UEBA as the BehaviourAnalyticsInsights OMS solution would not be deployed
@TheAlistairRoss
Rephrase role requirements for clarity
f68bbdf
@prmerger-automator prmerger-automator bot requested a review from guywi-ms October 8, 2025 11:34
@prmerger-automator PRMerger Automator
Copy link
Contributor

@TheAlistairRoss : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit f68bbdf:

✅ Validation status: passed

File Status Preview URL Details
articles/sentinel/enable-entity-behavior-analytics.md ✅Succeeded

For more details, please refer to the build report.

@ttorble ttorble requested a review from Copilot October 8, 2025 14:56
Copilot
Copilot AI reviewed Oct 8, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the role requirements documentation for Microsoft Sentinel UEBA (User and Entity Behavior Analytics) prerequisites to fix incorrect permission specifications that were causing deployment failures of the BehaviourAnalyticsInsights OMS solution.

  • Replaced insufficient role specifications with tested combinations that successfully enable UEBA
  • Added Owner and Contributor roles as valid options for UEBA enablement
  • Introduced a least privileged option combining Microsoft Sentinel Contributor and Log Analytics Contributor with specific scope requirements

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@ttorble
Copy link
Contributor

ttorble commented Oct 8, 2025

@guywi-ms

Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@prmerger-automator prmerger-automator bot added the aq-pr-triaged tracking label for the PR review team label Oct 8, 2025
@TheAlistairRoss @Copilot
Update articles/sentinel/enable-entity-behavior-analytics.md
68da4c9 
Removed duplicate words

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 68da4c9:

❌ Validation status: errors

Please follow instructions here which may help to resolve issue.

For more details, please refer to the build report.

Note: Your PR may contain errors or warnings or suggestions unrelated to the files you changed. This happens when external dependencies like GitHub alias, Microsoft alias, cross repo links are updated. Please use these instructions to resolve them.

@v-dirichards
Copy link
Contributor

refreshing the build

@v-dirichards v-dirichards reopened this Oct 9, 2025
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 68da4c9:

✅ Validation status: passed

File Status Preview URL Details
articles/sentinel/enable-entity-behavior-analytics.md ✅Succeeded

For more details, please refer to the build report.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@guywi-ms guywi-ms Awaiting requested review from guywi-ms

Assignees

@guywi-ms guywi-ms

Labels

aq-pr-triaged tracking label for the PR review team Change sent to author do-not-merge microsoft-sentinel/svc

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TheAlistairRoss @ttorble @v-dirichards @guywi-ms