Revise role requirements for entity analyzer tool

poliveria · web-flow · commit b859473afec6 · 2026-04-13T16:17:43.000+05:30
Updated role requirements for using the entity analyzer tool and clarified SCU usage roles.
diff --git a/articles/sentinel/datalake/sentinel-mcp-data-exploration-tool.md b/articles/sentinel/datalake/sentinel-mcp-data-exploration-tool.md
@@ -29,9 +29,17 @@ To access the data exploration tool collection, you need the following prerequis
     - [Microsoft Foundry](sentinel-mcp-use-tool-azure-ai-foundry.md#add-a-microsoft-sentinel-tool-collection)
     - [Visual Studio Code](sentinel-mcp-use-tool-visual-studio-code.md) 
 
-To use the [entity analyzer tool](#entity-analyzer), you also need the following roles:
-- **Security Reader** and **Security Copilot Contributor** - To use the tool, which uses [Security Compute Units (SCUs)](/copilot/security/manage-usage) to deliver the reasoned entity risk analysis. 
-- **Security Copilot Owner** - To view SCU usage. For more information, see [Understand authentication in Microsoft Security Copilot](/copilot/security/authentication).  
+> [!IMPORTANT]
+> Access to Sentinel MCP tools is supported for users, managed identities, or service principals that are assigned with ***at least*** any of the following roles:
+> - Security Administrator
+> - Security Contributor
+> - Security Operator
+> - Security Reader
+> 
+> To use the entity analyzer tool, you also need the following roles:
+> - **Security Copilot Contributor** – This role is required to use the tool, which consumes Security Compute Units (SCUs) to deliver reasoned entity risk analysis.
+> - **Security Copilot Owner** (optional) – This role is only required to view and monitor SCU usage.
+> For more information, see [Understand authentication in Microsoft Security Copilot](/copilot/security/authentication).  
 
 ## Add the data exploration collection
 
@@ -82,11 +90,6 @@ For example, `analyze_user_entity` reasons over the user's authentication patter
 
 Entity analysis tools might require a few minutes to generate results, so there are tools to start analysis for each entity and another one that polls for the analysis results.
 
-> [!IMPORTANT]
-> This tool uses [Security Compute Units (SCUs)](/copilot/security/manage-usage) to deliver the reasoned entity risk analysis, so you need to have the **Security Reader** and **Security Copilot Contributor** roles to use it and generate results.
-> 
-> To view SCU usage, you also need to have the **Security Copilot Owner** role. For more information, see [Understand authentication in Microsoft Security Copilot](/copilot/security/authentication).  
-
 #### Start analysis (`analyze_user_entity` and `analyze_url_entity`)
 
 | Parameters | Required? | Description | 
