Microsoft Defender for Endpoint (invalid license, missing consent)

16557136 21 Reputation points
2022-12-05T05:10:37.07+00:00

Hi, I am enabling the data connection on Sentinel using a Bicep deployment. I created a new tenant and subscription. The first time I run the deployment, I am facing the issue below.
267031-image.png

When I go to Sentinel and check, I have all the permissions:
266949-image.png

Once I enabled the endpoint data connector manually, deleted the resource group (workspace and Sentinel), and then ran the Bicep deployment with a different name for the resource group and workspace, my deployment succeeded.
I am not able to find which setting or configuration gets enabled when I enable the data connector manually, for all successive Bicep automation deployments.

Microsoft Sentinel

1 answer

  1. Catherine Kyalo 1,540 Reputation points Microsoft Employee
    2024-02-14T08:45:25.42+00:00

    The error message "Invalid license, missing consent" often indicates that you have not given the appropriate permissions to your application or you have not accepted the necessary consent.

    When you're enabling the Microsoft Defender for Endpoint data connector, you need to grant Azure Sentinel reader permissions over the Microsoft Defender for Endpoint data. You can do this by adding Azure Sentinel as a reader on the Microsoft Defender Security Center. Here are the steps that you need to follow:

    1. In the Defender Security Center, go to Settings > Permissions > (API) Azure Sentinel
    2. Click on "Add Azure Sentinel". This will open the Azure portal.
    3. Select the Azure Sentinel workspace that you want to connect.
    4. Click "Add".

    If you already did this and you're still having issues, it's possible that you need to accept the consent on behalf of your organization. You can do this by following these steps:

    1. Open the Azure portal.
    2. Go to Azure Active Directory > App registrations.
    3. Select your application.
    4. Click on "API permissions".
    5. Click on "Grant admin consent for (your organization)".

    Please refer to the following documents for more information:

