Merge pull request #253299 from austinmccollum/austinmc--roles-update

update roles

Author: prmerger-automator[bot]

articles/sentinel/connect-mdti-data-connector.md

@@ -16,7 +16,7 @@ Bring high fidelity indicators of compromise (IOC) generated by Microsoft Defend
 >
 
 ## Prerequisites
-- In order to install, update and delete standalone content or solutions in content hub, you need the **Template Spec Contributor** role at the resource group level. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role.
+- In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
 - To configure this data connector, you must have read and write permissions to the Microsoft Sentinel workspace.
 
 ## Install the Threat Intelligence solution in Microsoft Sentinel

articles/sentinel/connect-threat-intelligence-taxii.md

@@ -22,7 +22,7 @@ To import STIX formatted threat indicators to Microsoft Sentinel from a TAXII se
 Learn more about [Threat Intelligence](understand-threat-intelligence.md) in Microsoft Sentinel, and specifically about the [TAXII threat intelligence feeds](threat-intelligence-integration.md#taxii-threat-intelligence-feeds) that can be integrated with Microsoft Sentinel.
 
 ## Prerequisites  
-- In order to install, update and delete standalone content or solutions in content hub, you need the **Template Spec Contributor** role at the resource group level. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role.
+- In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
 - You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
 - You must have a TAXII 2.0 or TAXII 2.1 **API Root URI** and **Collection ID**.
 

articles/sentinel/connect-threat-intelligence-tip.md

@@ -28,7 +28,7 @@ Learn more about [Threat Intelligence](understand-threat-intelligence.md) in Mic
 
 ## Prerequisites  
 
-- In order to install, update and delete standalone content or solutions in content hub, you need the **Template Spec Contributor** role at the resource group level. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role.
+- In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
 - You must have either the **Global administrator** or **Security administrator** Azure AD roles in order to grant permissions to your TIP product or to any other custom application that uses direct integration with the Microsoft Graph Security tiIndicators API.
 - You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
 

articles/sentinel/connect-threat-intelligence-upload-api.md

@@ -27,7 +27,7 @@ Learn more about [Threat Intelligence](understand-threat-intelligence.md) in Mic
 **See also**: [Connect Microsoft Sentinel to STIX/TAXII threat intelligence feeds](connect-threat-intelligence-taxii.md)
 
 ## Prerequisites  
-- In order to install, update and delete standalone content or solutions in content hub, you need the **Template Spec Contributor** role at the resource group level. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role.
+- In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level.
 - You must have read and write permissions to the Microsoft Sentinel workspace to store your threat indicators.
 - You must be able to register an Azure Active Directory (Azure AD) application. 
 - The Azure AD application must be granted the Microsoft Sentinel contributor role at the workspace level.

articles/sentinel/quickstart-onboard.md

@@ -27,8 +27,8 @@ Microsoft Sentinel comes with many data connectors for Microsoft products such a
 
     - To enable Microsoft Sentinel, you need **contributor** permissions to the subscription in which the Microsoft Sentinel workspace resides.
 
-    - To use Microsoft Sentinel, you need either **contributor** or **reader** permissions on the resource group that the workspace belongs to.
-    - To install or manage solutions in the content hub, you need the **Template Spec Contributor** role on the resource group that the workspace belongs to.
+    - To use Microsoft Sentinel, you need either **Microsoft Sentinel Contributor** or **Microsoft Sentinel Reader** permissions on the resource group that the workspace belongs to.
+    - To install or manage solutions in the content hub, you need the **Microsoft Sentinel Contributor** role on the resource group that the workspace belongs to.
 
 - **Microsoft Sentinel is a paid service**. Review the [pricing options](https://go.microsoft.com/fwlink/?linkid=2104058) and the [Microsoft Sentinel pricing page](https://azure.microsoft.com/pricing/details/azure-sentinel/).
 

articles/sentinel/roles.md

@@ -3,7 +3,7 @@ title: Roles and permissions in Microsoft Sentinel
 description: Learn how Microsoft Sentinel assigns permissions to users using Azure role-based access control, and identify the allowed actions for each role.
 author: yelevin
 ms.topic: conceptual
-ms.date: 06/06/2023
+ms.date: 09/29/2023
 ms.author: yelevin
 ---
 
@@ -23,7 +23,7 @@ Use Azure RBAC to create and assign roles within your security operations team t
 
 - [**Microsoft Sentinel Responder**](../role-based-access-control/built-in-roles.md#microsoft-sentinel-responder) can, in addition to the above, manage incidents (assign, dismiss, etc.).
 
-- [**Microsoft Sentinel Contributor**](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor) can, in addition to the above, create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.
+- [**Microsoft Sentinel Contributor**](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor) can, in addition to the above, install and update solutions from content hub, create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.
 
 - [**Microsoft Sentinel Playbook Operator**](../role-based-access-control/built-in-roles.md#microsoft-sentinel-playbook-operator) can list, view, and manually run playbooks.
 
@@ -41,7 +41,7 @@ Users with particular job requirements may need to be assigned other roles or sp
 
 - **Install and manage out-of-the-box content**
 
-    Find packaged solutions for end-to-end products or standalone content from the content hub in Microsoft Sentinel. To install and manage content from the content hub, assign the [**Template Spec Contributor**](../role-based-access-control/built-in-roles.md#template-spec-contributor) role at the resource group level.
+    Find packaged solutions for end-to-end products or standalone content from the content hub in Microsoft Sentinel. To install and manage content from the content hub, assign the **Microsoft Sentinel Contributor** role at the resource group level. For some solutions, the [**Template Spec Contributor**](../role-based-access-control/built-in-roles.md#template-spec-contributor) role is still required.
 
 - **Automate responses to threats with playbooks**
 
@@ -83,13 +83,15 @@ This table summarizes the Microsoft Sentinel roles and their allowed actions in
 |---|---|---|---|---|---|--|
 | Microsoft Sentinel Reader | -- | -- | --[*](#workbooks) | -- | ✓ | --|
 | Microsoft Sentinel Responder | -- | -- | --[*](#workbooks) | ✓ | ✓ | --|
-| Microsoft Sentinel Contributor | -- | -- | ✓ | ✓ | ✓ | --|
+| Microsoft Sentinel Contributor | -- | -- | ✓ | ✓ | ✓ | ✓|
 | Microsoft Sentinel Playbook Operator | ✓ | -- | -- | -- | -- | --|
 | Logic App Contributor | ✓ | ✓ | -- | -- | -- |-- |
-| Template Spec Contributor |  -- |  -- | -- | -- | -- |✓  |
+| Template Spec Contributor |  -- |  -- | -- | -- | -- |✓[**](#content-hub)  |
 
 <a name=workbooks></a>* Users with these roles can create and delete workbooks with the [Workbook Contributor](../role-based-access-control/built-in-roles.md#workbook-contributor) role. Learn about [Other roles and permissions](#other-roles-and-permissions).
 
+<a name=content-hub></a>** The requirement for the Template Spec Contributor role to install and manage content from content hub is still required for some edge cases in addition to Microsoft Sentinel Contributor.
+
 Review the [role recommendations](#role-and-permissions-recommendations) for which roles to assign to which users in your SOC.
 
 ## Custom roles and advanced Azure RBAC
@@ -112,7 +114,7 @@ After understanding how roles and permissions work in Microsoft Sentinel, you ca
 | --------- | --------- | --------- | --------- |
 | **Security analysts**     | [Microsoft Sentinel Responder](../role-based-access-control/built-in-roles.md#microsoft-sentinel-responder)        | Microsoft Sentinel's resource group        | View data, incidents, workbooks, and other Microsoft Sentinel resources. <br><br>Manage incidents, such as assigning or dismissing incidents.        |
 |     | [Microsoft Sentinel Playbook Operator](../role-based-access-control/built-in-roles.md#microsoft-sentinel-playbook-operator)        | Microsoft Sentinel's resource group, or the resource group where your playbooks are stored        | Attach playbooks to analytics and automation rules. <br>Run playbooks.        |
-|**Security engineers**     | [Microsoft Sentinel Contributor](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor)       |Microsoft Sentinel's resource group         |   View data, incidents, workbooks, and other Microsoft Sentinel resources. <br><br>Manage incidents, such as assigning or dismissing incidents. <br><br>Create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.      |
+|**Security engineers**     | [Microsoft Sentinel Contributor](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor)       |Microsoft Sentinel's resource group         |   View data, incidents, workbooks, and other Microsoft Sentinel resources. <br><br>Manage incidents, such as assigning or dismissing incidents. <br><br>Create and edit workbooks, analytics rules, and other Microsoft Sentinel resources.<br><br>Install and update solutions from content hub.  |
 |     | [Logic Apps Contributor](../role-based-access-control/built-in-roles.md#logic-app-contributor)        | Microsoft Sentinel's resource group, or the resource group where your playbooks are stored        | Attach playbooks to analytics and automation rules. <br>Run and modify playbooks.         |
 ||[Template Spec Contributor](../role-based-access-control/built-in-roles.md#template-spec-contributor)|Microsoft Sentinel's resource group    |Install and manage content from the content hub.|
 |  **Service Principal**   | [Microsoft Sentinel Contributor](../role-based-access-control/built-in-roles.md#microsoft-sentinel-contributor)      |  Microsoft Sentinel's resource group       | Automated configuration for management tasks |

articles/sentinel/sentinel-solutions-deploy.md

@@ -3,7 +3,7 @@ title: Discover and deploy Microsoft Sentinel out-of-the-box content from Conten
 description: Learn how to find and deploy Sentinel packaged solutions containing data connectors, analytics rules, hunting queries, workbooks, and other content.
 author: austinmccollum
 ms.topic: how-to
-ms.date: 06/22/2023
+ms.date: 09/29/2023
 ms.author: austinmc
 ---
 
@@ -25,7 +25,7 @@ If you're a partner who wants to create your own solution, see the [Microsoft Se
 
 ## Prerequisites
 
-In order to install, update and delete standalone content or solutions in content hub, you need the **Template Spec Contributor** role at the resource group level. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role. 
+In order to install, update and delete standalone content or solutions in content hub, you need the **Microsoft Sentinel Contributor** role at the resource group level. In addition, the **Template Spec Contributor** role is still required for some edge cases. See [Azure RBAC built in roles](../role-based-access-control/built-in-roles.md#template-spec-contributor) for details on this role. 
 
 This is in addition to Sentinel specific roles. For more information about other roles and permissions supported for Microsoft Sentinel, see [Permissions in Microsoft Sentinel](roles.md).