pulling in more transition guide content

batamig · batamig · commit 1f13871252da · 2025-05-04T12:01:54.000+03:00
diff --git a/unified-secops-platform/TOC.yml b/unified-secops-platform/TOC.yml
@@ -45,6 +45,8 @@
         href: overview-deploy.md
       - name: Connect Microsoft Sentinel to Microsoft Defender
         href: microsoft-sentinel-onboard.md
+      - name: Transition to unified SecOps by persona
+        href: transition.md
     - name: Reduce security risk
       items:
       - name: Improve security posture and reduce risk"
diff --git a/unified-secops-platform/includes/mininum-access-requirements.md b/unified-secops-platform/includes/mininum-access-requirements.md
@@ -0,0 +1,10 @@
+---
+title: Include file
+description: Include file
+ms.topic: include
+ms.date: 04/22/2025
+---
+
+The minimal required permission for an analyst to view Microsoft Sentinel data is to delegate permissions for the Azure RBAC Sentinel Reader role. These permissions are also applied to the unified portal. Without these permissions, the Microsoft Sentinel navigation menu isn't available on the unified portal, despite the analyst having access to the Microsoft Defender portal.
+
+A best practice is to have all Microsoft Sentinel related resources in the same Azure resource group, then delegate Microsoft Sentinel role permissions (like the Sentinel Reader role) at the resource group level that contains the Microsoft Sentinel workspace. By doing this, the role assignment applies to all the resources that support Microsoft Sentinel.
diff --git a/unified-secops-platform/overview-deploy.md b/unified-secops-platform/overview-deploy.md
@@ -72,9 +72,11 @@ For more information, see [Onboard Microsoft Sentinel](/azure/sentinel/quickstar
 
 Provision your users based on the access plan you'd [prepared earlier](overview-plan.md#plan-roles-and-permissions). To comply with Zero Trust principles, we recommend that you use role-based access control (RBAC) to provide user access only to the resources that are allowed and relevant for each user, instead of providing access to the entire environment.
 
+[!INCLUDE [mininum-access-requirements](includes/mininum-access-requirements.md)]
+
 For more information, see:
 
-- [Activate Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/activate-defender-rbac)
+- [Onboarding prerequisites](microsoft-sentinel-onboard.md#prerequisites)
 - [Assign Microsoft Entra ID roles to users](/entra/identity/role-based-access-control/manage-roles-portal)
 - [Grant a user access to Azure roles](/azure/role-based-access-control/quickstart-assign-role-user-portal)
 
diff --git a/unified-secops-platform/overview-plan.md b/unified-secops-platform/overview-plan.md
@@ -178,12 +178,19 @@ The following table describes portals for other workloads that can impact your s
 
 ## Plan roles and permissions
 
-Use Microsoft Entra role based access control (RBAC) to create and assign roles within your security operations team to grant appropriate access to services included in Microsoft's unified SecOps platform.
+Microsoft's unified security operations (SecOps) platform unifies the following role-based access control (RBAC) models:
 
-The Microsoft Defender XDR Unified role-based access control (RBAC) model provides a single permissions management experience that provides one central location for administrators to control user permissions across several security solutions. For more information, see [Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/manage-rbac).
+- [Microsoft Entra ID RBAC](/entra/identity/role-based-access-control/custom-overview), used for delegating access to Defender access, like device groups
+- [Azure RBAC](/azure/role-based-access-control/), used by Microsoft Sentinel to delegate permissions
+- [Defender unified RBAC](/defender-xdr/manage-rbac), used to delegate permissions across Defender solutions
 
-For the following services, use the different roles available, or create custom roles, to give you fine-grained control over what users can see and do. For more information, see:
+While permissions granted through Azure RBAC for Microsoft Sentinel are federated during runtime with Defender's unified RBAC, Azure RBAC and Defender RBAC are still managed separately.
+
+Defender's unified RBAC isn't required to onboard your workspace to the Defender portal, and Microsoft Sentinel permissions continue to work as expected in the Defender portal even without unified RBAC. However, using unified RBAC does simplify the delegation of permissions across Defender solutions. For more information, see [Activate Microsoft Defender XDR Unified role-based access control (RBAC)](/defender-xdr/activate-defender-rbac).
 
+[!INCLUDE [mininum-access-requirements](includes/mininum-access-requirements.md)]
+
+For the following services, use the different roles available, or create custom roles, to give you fine-grained control over what users can see and do. For more information, see:
 
 | Security service         | Link to role requirements                  |
 | ------------------------ | ------------------------------------------- |
@@ -201,6 +208,13 @@ For the following services, use the different roles available, or create custom
 | Microsoft Defender for Cloud      | [User roles and permissions](/azure/defender-for-cloud/permissions) |
 | Microsoft Purview Insider Risk Management | [Enable permissions for insider risk management](/purview/insider-risk-management-configure?tabs=purview-portal#step-1-required-enable-permissions-for-insider-risk-management) |
 
+For more information, see:
+
+- [Plan roles and permissions for Microsoft Sentinel](/azure/sentinel/roles)
+- [Azure built-in roles](/azure/role-based-access-control/built-in-roles)
+- [Microsoft Sentinel roles](/azure/role-based-access-control/built-in-roles#security)
+- [Onboarding prerequisites](microsoft-sentinel-onboard.md#prerequisites)
+
 ## Plan Zero Trust activities
 
 Microsoft's unified SecOps platform is part of [Microsoft's Zero Trust security model](zero-trust.md), which includes the following principles:
