From 9e47d683e52d7c94043e3f2d8ea7a8587f5cdd96 Mon Sep 17 00:00:00 2001
From: TheAlistairRoss <45040511+TheAlistairRoss@users.noreply.github.com>
Date: Wed, 8 Oct 2025 12:29:24 +0100
Subject: [PATCH 1/3] Update role requirements for Microsoft Sentinel access

The permissions prerequisites for UEBA was incorrect. Having only Log Analytics contributor or Microsoft Sentinel contributor leads to failures when enabling UEBA as the BehaviourAnalyticsInsights OMS solution would not be deployed
---
 articles/sentinel/enable-entity-behavior-analytics.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/articles/sentinel/enable-entity-behavior-analytics.md b/articles/sentinel/enable-entity-behavior-analytics.md
index 793012f91edf4..4b50bfb9a907f 100644
--- a/articles/sentinel/enable-entity-behavior-analytics.md
+++ b/articles/sentinel/enable-entity-behavior-analytics.md
@@ -32,8 +32,9 @@ To enable or disable this feature (these prerequisites aren't required to use th
 - Your user must be assigned to the Microsoft Entra ID **Security Administrator** role in your tenant or the equivalent permissions.
 
 - Your user must be assigned at least one of the following **Azure roles** ([Learn more about Azure RBAC](roles.md)):
-    - **Microsoft Sentinel Contributor** at the workspace or resource group levels.
-    - **Log Analytics Contributor** at the resource group or subscription levels.
+    - **Owner** at the at the resource group level or above.
+    - **Contributor** at the at the resource group level or above.
+    - **Microsoft Sentinel Contributor** at the workspace level or above and **Log Analytics Contributor** at the resource group level or above. (Least Privileged).
 
 - Your workspace must not have any Azure resource locks applied to it. [Learn more about Azure resource locking](../azure-resource-manager/management/lock-resources.md).
 

From f68bbdf56fe380bac9ad57e13bc3e5d90882c368 Mon Sep 17 00:00:00 2001
From: TheAlistairRoss <45040511+TheAlistairRoss@users.noreply.github.com>
Date: Wed, 8 Oct 2025 12:30:33 +0100
Subject: [PATCH 2/3] Rephrase role requirements for clarity

---
 articles/sentinel/enable-entity-behavior-analytics.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/articles/sentinel/enable-entity-behavior-analytics.md b/articles/sentinel/enable-entity-behavior-analytics.md
index 4b50bfb9a907f..e6adbd9978e44 100644
--- a/articles/sentinel/enable-entity-behavior-analytics.md
+++ b/articles/sentinel/enable-entity-behavior-analytics.md
@@ -34,7 +34,7 @@ To enable or disable this feature (these prerequisites aren't required to use th
 - Your user must be assigned at least one of the following **Azure roles** ([Learn more about Azure RBAC](roles.md)):
     - **Owner** at the at the resource group level or above.
     - **Contributor** at the at the resource group level or above.
-    - **Microsoft Sentinel Contributor** at the workspace level or above and **Log Analytics Contributor** at the resource group level or above. (Least Privileged).
+    - (Least privileged) **Microsoft Sentinel Contributor** at the workspace level or above and **Log Analytics Contributor** at the resource group level or above.
 
 - Your workspace must not have any Azure resource locks applied to it. [Learn more about Azure resource locking](../azure-resource-manager/management/lock-resources.md).
 

From 68da4c9a1cc43a633ec4ab3b64b91c505d9e0f00 Mon Sep 17 00:00:00 2001
From: TheAlistairRoss <45040511+TheAlistairRoss@users.noreply.github.com>
Date: Wed, 8 Oct 2025 18:41:19 +0100
Subject: [PATCH 3/3] Update
 articles/sentinel/enable-entity-behavior-analytics.md

Removed duplicate words

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 articles/sentinel/enable-entity-behavior-analytics.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/articles/sentinel/enable-entity-behavior-analytics.md b/articles/sentinel/enable-entity-behavior-analytics.md
index e6adbd9978e44..580e4fe29fbdd 100644
--- a/articles/sentinel/enable-entity-behavior-analytics.md
+++ b/articles/sentinel/enable-entity-behavior-analytics.md
@@ -32,8 +32,8 @@ To enable or disable this feature (these prerequisites aren't required to use th
 - Your user must be assigned to the Microsoft Entra ID **Security Administrator** role in your tenant or the equivalent permissions.
 
 - Your user must be assigned at least one of the following **Azure roles** ([Learn more about Azure RBAC](roles.md)):
-    - **Owner** at the at the resource group level or above.
-    - **Contributor** at the at the resource group level or above.
+    - **Owner** at the resource group level or above.
+    - **Contributor** at the resource group level or above.
     - (Least privileged) **Microsoft Sentinel Contributor** at the workspace level or above and **Log Analytics Contributor** at the resource group level or above.
 
 - Your workspace must not have any Azure resource locks applied to it. [Learn more about Azure resource locking](../azure-resource-manager/management/lock-resources.md).