Define an access restriction policy for Standard-plan playbooks

This article describes how to define an access restriction policy for Microsoft Sentinel Standard-plan playbooks, so that they can support private endpoints.

Define an access restriction policy to ensure that only Microsoft Sentinel has access to the Standard logic app containing your playbook workflows.

For more information, see:

Important

The new version of access restriction policies is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Starting in July 2026, all customers using Microsoft Sentinel in the Azure portal will be redirected to the Defender portal and will use Microsoft Sentinel in the Defender portal only. Starting in July 2025, many new users are also automatically onboarded and redirected from the Azure portal to the Defender portal. If you're still using Microsoft Sentinel in the Azure portal, we recommend that you start planning your transition to the Defender portal to ensure a smooth transition and take full advantage of the unified security operations experience offered by Microsoft Defender. For more information, see It’s Time to Move: Retiring Microsoft Sentinel’s Azure portal for greater security.

Define an access restriction policy

  1. For Microsoft Sentinel in the Azure portal, select the Configuration > Automation page. For Microsoft Sentinel in the Defender portal, select Microsoft Sentinel > Configuration > Automation.

  2. On the Automation page, select the Active playbooks tab.

  3. Filter the list for Standard-plan apps. Select the Plan filter and clear the Consumption checkbox, and then select OK. For example:

    Screenshot showing how to filter the list of apps for the standard plan type.

  4. Select a playbook to which you want to restrict access. For example:

    Screenshot showing how to select playbook from the list of playbooks.

  5. Select the logic app link on the playbook screen. For example:

    Screenshot showing how to select logic app from the playbook screen.

  6. From the navigation menu of your logic app, under Settings, select Networking. For example:

    Screenshot showing how to select networking settings from the logic app menu.

  7. In the Inbound traffic configuration area, select Public network access.

  8. On the Access Restrictions page, select the Enabled from select virtual networks and IP addresses checkbox.

    Screenshot showing how to select access restriction policy for configuration.

  9. Under Site access and rules, select + Add. The Add rule panel opens on the side. For example:

    Screenshot showing how to add a filter rule to your access restriction policy.

  10. In the Add rule pane, enter the following details.

    The name and optional description should reflect that this rule allows only Microsoft Sentinel to access the logic app. Leave the fields not mentioned below as they are.

    | Field | Enter or select |
    | --- | --- |
    | Name | Enter SentinelAccess or another name of your choosing. |
    | Action | Allow |
    | Priority | Enter 1 |
    | Description | Optional. Add a description of your choosing. |
    | Type | Select Service Tag. |
    | Service Tag (will appear only after you select Service Tag above.) | Search for and select AzureSentinel. |

  11. Select Add rule.

Sample policy

After following the procedure in this article, your policy should look as follows:

Screenshot showing rules as they should appear in your access restriction policy.
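
To check the resulting policy outside the portal, the following added example (not part of the original article) audits an exported site configuration and reports anything that lets traffic other than Microsoft Sentinel reach the logic app. It assumes the ARM siteConfig property names `ipSecurityRestrictions`, `ipSecurityRestrictionsDefaultAction`, `tag`, and `ipAddress`; the sample JSON and the function name `audit_access_restrictions` are constructed for illustration.

```python
import json

# Constructed sample: the siteConfig portion of a Standard logic app
# (Microsoft.Web/sites). Property names are assumed to follow the ARM
# siteConfig schema; the values are made up for this example.
SAMPLE_CONFIG = json.loads("""
{
  "ipSecurityRestrictionsDefaultAction": "Deny",
  "ipSecurityRestrictions": [
    {"name": "SentinelAccess", "action": "Allow", "priority": 1,
     "tag": "ServiceTag", "ipAddress": "AzureSentinel"},
    {"name": "Deny all", "action": "Deny", "priority": 2147483647,
     "ipAddress": "Any"}
  ]
}
""")


def is_sentinel_rule(rule):
    """True when the rule targets the AzureSentinel service tag."""
    return rule.get("tag") == "ServiceTag" and rule.get("ipAddress") == "AzureSentinel"


def audit_access_restrictions(site_config):
    """Return a list of findings; an empty list means only AzureSentinel is allowed."""
    findings = []
    rules = site_config.get("ipSecurityRestrictions") or []
    allows = [r for r in rules if str(r.get("action", "")).lower() == "allow"]

    # The rule created in step 10 must be present.
    if not any(is_sentinel_rule(r) for r in allows):
        findings.append("no Allow rule for the AzureSentinel service tag")

    # Any other Allow rule widens access beyond Microsoft Sentinel.
    for r in allows:
        if not is_sentinel_rule(r):
            findings.append(f"extra Allow rule: {r.get('name')} ({r.get('ipAddress')})")

    # Traffic that matches no rule must not fall through to Allow.
    if site_config.get("ipSecurityRestrictionsDefaultAction") == "Allow":
        findings.append("unmatched traffic is allowed by default")
    return findings


if __name__ == "__main__":
    for finding in audit_access_restrictions(SAMPLE_CONFIG) or ["policy allows only AzureSentinel"]:
        print(finding)
```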

For more information, see: