Hello
I am learning to build Logic Apps. The tasks will mainly involve querying Log Analytics and writing comments in incidents. How can I do this securely?

I understand that I need to add the Sentinel Contributor role for the Logic App, but what next? If I need the Logic App to be able to query, do I need to give it additional access, such as Log Analytics Contributor or Reader?

When I want to create a connection, I have three options:

OAuth – I see that I log in with my account, and then the Logic App has access to what I have access to. Is this secure?

Service Principal – I need to register an application and create a secret for it, then grant this application access to Sentinel. Can I use a single Service Principal for all Logic Apps? I understand that secrets need to be rotated – does this affect my Logic Apps? Will I need to update something to ensure everything works properly?

Managed Identity – This only works within the specific Logic App? This seems like the best solution, but I managed to add a new Managed Identity to query Log Analytics, and in the next step, I wanted it to add tasks to an incident in Sentinel, and unfortunately, it didn’t work. (However, I changed the last step and added it via OAuth, and it worked, allowing the Logic App to add tasks to the incident in Sentinel.)

this is one of example i am working on. 

https://github.com/Azure/Azure-Sentinel/blob/master/Playbooks/Get-SOCTasks/readme.md

adding role assignment

I would be great if you can share your experiences! thank you

​HelloI am learning to build Logic Apps. The tasks will mainly involve querying Log Analytics and writing comments in incidents. How can I do this securely?I understand that I need to add the Sentinel Contributor role for the Logic App, but what next? If I need the Logic App to be able to query, do I need to give it additional access, such as Log Analytics Contributor or Reader? When I want to create a connection, I have three options: OAuth – I see that I log in with my account, and then the Logic App has access to what I have access to. Is this secure?  Service Principal – I need to register an application and create a secret for it, then grant this application access to Sentinel. Can I use a single Service Principal for all Logic Apps? I understand that secrets need to be rotated – does this affect my Logic Apps? Will I need to update something to ensure everything works properly? Managed Identity – This only works within the specific Logic App? This seems like the best solution, but I managed to add a new Managed Identity to query Log Analytics, and in the next step, I wanted it to add tasks to an incident in Sentinel, and unfortunately, it didn’t work. (However, I changed the last step and added it via OAuth, and it worked, allowing the Logic App to add tasks to the incident in Sentinel.)   this is one of example i am working on.  https://github.com/Azure/Azure-Sentinel/blob/master/Playbooks/Get-SOCTasks/readme.mdadding role assignment   I would be great if you can share your experiences! thank you   Read More

​