Configure advanced security for Microsoft Sentinel playbooks
This article shows how to define an access restriction policy for Microsoft Sentinel Standard-plan playbooks, so that they can support private endpoints. Defining this policy ensures that only Microsoft Sentinel has access to the Standard logic app containing your playbook workflows.
Learn more about using private endpoints to secure traffic between Standard logic apps and Azure virtual networks.
Important
The new version of access restriction policies is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Microsoft Sentinel is available as part of the public preview for the unified security operations platform in the Microsoft Defender portal. For more information, see Microsoft Sentinel in the Microsoft Defender portal.
Define an access restriction policy
For Microsoft Sentinel in the Azure portal, select the Configuration > Automation page. For Microsoft Sentinel in the Defender portal, select Microsoft Sentinel > Configuration > Automation.
On the Automation page, select the Active playbooks tab.
Filter the list for Standard-plan apps.
Select the Plan filter.
Clear the Consumption checkbox.
Select OK.
Select a playbook to which you want to restrict access.
Select the logic app link on the playbook screen.
From the navigation menu of your logic app, under Settings, select Networking.
In the Inbound traffic area, select Access restriction.
In the Access Restrictions page, leave the Allow public access checkbox marked.
Under Site access and rules, select + Add. The Add rule panel will open to the right.
Enter the following information in the Add rule panel. The name and optional description should reflect that this rule allows only Microsoft Sentinel to access the logic app. Leave the fields not mentioned below as they are.
Field | Enter or select
Name | Enter SentinelAccess or another name of your choosing.
Action | Allow
Priority | Enter 1
Description | Optional. Add a description of your choosing.
Type | Select Service Tag.
Service Tag (will appear only after you select Service Tag above.) | Search for and select AzureSentinel.
Select Add rule.
Your policy should now look like this:
For more information about configuring access restriction policies in logic apps, see Set up Azure App Service access restrictions.
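To check the result outside the portal, the following added example (not part of the original article) audits a rule list against the policy described above. It assumes the rules have been exported as the `ipSecurityRestrictions` array of the logic app's site configuration with the field names shown; the sample rules are constructed.

```python
import json

# Constructed sample input: ipSecurityRestrictions entries in the shape assumed
# for the site configuration of a Standard logic app (field names are an
# assumption about that export; the values are invented for this example).
GOOD = json.loads("""[
  {"name": "SentinelAccess", "action": "Allow", "priority": 1,
   "tag": "ServiceTag", "ipAddress": "AzureSentinel"},
  {"name": "Deny all", "action": "Deny", "priority": 2147483647,
   "ipAddress": "Any"}
]""")

# Constructed counter-example: a leftover rule that also admits an IP range.
BAD = GOOD + [{"name": "OldVpn", "action": "Allow", "priority": 5,
               "tag": "Default", "ipAddress": "203.0.113.0/24"}]


def is_tag_rule(rule, service_tag):
    """True for an Allow rule whose source is the given service tag."""
    return (rule.get("action", "").lower() == "allow"
            and rule.get("tag") == "ServiceTag"
            and rule.get("ipAddress") == service_tag)


def audit(rules, service_tag="AzureSentinel"):
    """Return findings; an empty list means only the service tag is allowed."""
    findings = []
    tag_rules = [r for r in rules if is_tag_rule(r, service_tag)]
    if not tag_rules:
        findings.append(f"missing Allow rule for service tag {service_tag}")
    for r in rules:
        action = r.get("action", "").lower()
        if action == "allow" and not is_tag_rule(r, service_tag):
            findings.append(
                f"extra Allow rule {r.get('name')!r} admits {r.get('ipAddress')}")
        # Lower priority numbers are evaluated first, so an earlier Deny of
        # all sources would block the service tag rule.
        if action == "deny" and r.get("ipAddress") == "Any" and any(
                r.get("priority", 0) < t.get("priority", 0) for t in tag_rules):
            findings.append(
                f"Deny rule {r.get('name')!r} is evaluated before the {service_tag} rule")
    return findings


if __name__ == "__main__":
    for label, rules in (("good", GOOD), ("bad", BAD)):
        print(label, audit(rules) or "OK")
```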
Next steps
In this article, you learned how to define an access restriction policy to allow only Microsoft Sentinel to access Standard-plan playbooks, so that they can support private endpoints. Learn more about playbooks and automation in Microsoft Sentinel: