Not getting Admin Access on Defender for Sentinel

Hello Guneet Sehgal

This error (403) typically means the admin of the tenant has not given the permission to access the "Admin Portal" with a non-administrator account.

Refer to this article - https://dori-uw-1.kuma-moon.com/en-us/azure/active-directory/fundamentals/users-default-permissions which talks about the kind of permissions a user has, and type of restrictions admin can apply within the Azure AD to restrict access.

Below are the steps: -

Requires someone with Owner on the scope to assign roles.

1. In Azure portal → go to Log Analytics workspaces → select the workspace that hosts Sentinel.
2. Access control (IAM) → Add → Add role assignment.
3. Assign:
   • Microsoft Sentinel Contributor (for managing Sentinel), and
   • Log Analytics Reader (to read data). Alternatively, assign Contributor at the resource group if broader rights are acceptable.

For your reference: https://dori-uw-1.kuma-moon.com/en-us/azure/sentinel/roles

Please let us know if you need any further assistance.

Thanks

A 403 “No access” in Microsoft Sentinel almost always comes down to Azure RBAC at the Log Analytics workspace / resource group / subscription scopes—not Entra ID/M365 roles. Since your payload shows an empty subscriptionId and "details":"No access", the portal can’t resolve your access at the target scope, so it blocks you.

Assign the right Azure RBAC roles at workpsace scope.

For Sentinel, Azure RBAC is what matters. Assign at Workspace (or Resource Group) level:

• Microsoft Sentinel Contributor → manage Sentinel resources (analytics rules, incidents, hunting, etc.)
• Log Analytics Contributor → configure workspace settings and data collection
• Contributor (or Owner) on Resource Group if you’ll deploy solutions, automation rules, playbooks (Logic Apps), etc.