This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 28.000000000000004%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA0%3C/text%3E%3C/svg%3E)
Hi,
Trying to instantiate Sentinel using Terraform. Should be straightforward, create a resource group (azurerm_resource_group), log analytics workspace (azurerm_log_analytics_workspace), onboarding Sentinel (azurerm_sentinel_log_analytics_workspace_onboarding), then enabling data connectors of my choice (for starters azurerm_sentinel_data_connector_microsoft_defender_advanced_threat_protection and azurerm_sentinel_data_connector_office_365).
I’ve tried this last Friday and it all worked, although had issues with the 365 Defender connector as described here https://github.com/Azure/SimuLand/issues/23 Everything else go created, also the data connector for Office 365. Deleted the Office365 as it was a weekend planning to play around with it on Monday. Today realized that I’m not able to enable the Office 365 connector with the SAME code although it worked on last Friday …
rror: creating Data Connector: (Name "office_365" / Workspace Name "foo-bar-sentinel" / Resource Group "foo-bar"): securityinsight.DataConnectorsClient#CreateOrUpdate: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unauthorized" Message="Access
denied"
│
│ with module.office_365.azurerm_sentinel_data_connector_office_365.office_365,
│ on modules\DataConnectors\Office365\main.tf line 1, in resource "azurerm_sentinel_data_connector_office_365" "office_365":
│ 1: resource "azurerm_sentinel_data_connector_office_365" "office_365" {
This can’t be a permission issue because I’m using the exact same principal (Contributor role on the subscription).
Anyone ?
PS. here's a screen shot from last Friday showing the connector as enabled !
It sounds like you're encountering an authentication or authorization issue when trying to enable the Office 365 data connector in Azure Sentinel using Terraform. While you mention that you're using the same principle with the Contributor role on the subscription, there could still be a few things to check and troubleshoot:
If you've checked all these points and are still encountering issues, it might be beneficial to contact Microsoft Azure Support for further assistance, especially if the issue persists. Providing them with specific error messages, logs, and context about your environment will help them assist you more effectively.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 16%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEP%3C/text%3E%3C/svg%3E)
Hello Forum.
I'm going to the same predicament here and I wander if you would be kind enough to please post the terraform script to deploy Azure Sentinel (RG, Work Group and Sentinel and the connectors)
I would really appreciate it.
Thank you.