🔥 3-day streak
Microsoft Security Operations Analyst173 / 190
Question 173 of 190
Your SOC has built a Microsoft Sentinel playbook (Logic App) that must add a compromised user's account to an Azure AD group and post a message to a Microsoft Teams channel when triggered by an incident. Currently the playbook fails at the step that modifies the group membership with an authorization error, though the Teams step (which uses an API connection authenticated as a service account) succeeds. The playbook is configured to authenticate to Azure AD using its system-assigned managed identity. What is the MOST appropriate action to resolve the failure while following least-privilege practices?
Reviewed for accuracy · Report an issueNext question