Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
Microsoft Sentinel cannot invoke playbook – missing required permissions despite correct IAM
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 56.00000000000001%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Spencer Hauck
0
Reputation points
We are encountering a Microsoft Sentinel automation/playbook execution failure. Error: "Failed to trigger playbook – Missing required permissions for Microsoft Sentinel on the playbook resource" Details: - Playbook is Logic App (Consumption) - Trigger: When a Microsoft Sentinel incident is created - Same region as Sentinel workspace - System-assigned managed identity enabled - Workspace IAM: Microsoft Sentinel Responder assigned to Logic App MI - Logic App IAM: Contributor assigned to Microsoft Sentinel service principal - Manual "Run playbook" from Sentinel incident fails with the same error - Automation rule also fails / playbook is greyed out This persists after recreating the playbook and reapplying all permissions. This appears to be a Sentinel service authorization / playbook binding issue rather than IAM misconfiguration. Requesting assistance to reinitialize or repair the Sentinel playbook authorization for this workspace.
Azure Logic Apps
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 92%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Sridevi Machavarapu 26,355 Reputation points Microsoft External Staff Moderator2026-04-08T21:10:45.2433333+00:00 Hello Spencer Hauck,
Your understanding is correct this does not appear to be a typical IAM issue. Based on the behavior (playbook greyed out, manual run failing, and persisting after recreation), this points to a Sentinel authorization or binding issue.
Please check the following:
- In the Logic App → Access Control (IAM) Ensure Microsoft Sentinel (Azure Security Insights) has Contributor or Logic App Contributor assigned at the Logic App scope
- In Sentinel → Automation → Playbooks Remove the playbook and add it again, then wait a few minutes before testing
- In the Logic App → Identity Turn System-assigned identity OFF and ON, then reassign the role
Note that assigning Microsoft Sentinel Responder to the Logic App managed identity does not impact triggering, since Sentinel uses its own service principal.
As per Microsoft Sentinel documentation, Sentinel runs playbooks using its service principal, which must have the required permissions on the Logic App. If these permissions are not properly applied or refreshed, the playbook may appear greyed out or fail to trigger.
Sign in to comment
Sign in to answer