Cannot enable Azure Active Directory connector in Sentinel

Matthew Payne 20 Reputation points
2023-01-18T21:32:40.6633333+00:00

Microsoft Sentinel issue

Cannot add Azure Active Directory Connector to Sentinel, and the error message is not helpful in any way in troubleshooting.

I've tried a few things and also chatted online with MS support:

  • Upgrade from P1 to P2 Trial
  • Adding the Sentinel Contributor role
  • Registering the Microsoft.AAD provider
  • Tried only adding Audit Logs or any of the other options (one at a time); same error
  • Logging in to browser with Incognito/InPrivate mode
  • Logging in on home network - not on a VPN or work network
  • Pored over the documentation to ensure all prerequisites are met: https://learn.microsoft.com/en-us/azure/sentinel/connect-azure-active-directory

It seems like this is similar to this person's post: https://learn.microsoft.com/en-us/answers/questions/1162107/cannot-enable-azure-active-directory-conector-in-s

Accepted answer
  1. JamesTran-MSFT 36,796 Reputation points Microsoft Employee
    2023-01-20T20:04:18.7566667+00:00

    @Matthew Payne

    Thank you for your time and patience on this issue!

    From your issue, I was able to find a related thread and you should be able to resolve your issue by enabling this through Azure Active Directory directly. For more info - Diagnostic settings in Azure Monitor.

    Create diagnostic settings:

    1. Navigate to Azure Active Directory.
    2. Within the left menu, select Diagnostic settings.
    3. Add diagnostic setting.
    4. Enter your Diagnostic Settings name.
    5. Select the Logs and Destination Details.
    6. Save.

    If you're still having issues and would like our support team to take a closer look into your environment and logs, please let me know and I'd be happy to work with you to enable a free technical support request for your subscription.

    Thank you for your time and patience throughout this issue.

    1 person found this answer helpful.
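
The portal steps in the accepted answer can also be scripted. This is an added example, not part of the original thread or Microsoft's own code: it builds the request body for an Azure AD diagnostic setting that sends chosen log categories to a Log Analytics workspace and submits it with `az rest`. The endpoint path, the `api-version`, the category names and all function names are assumptions to check against the current Azure Monitor documentation.

```bash
#!/usr/bin/env bash
# Added example: the "Add diagnostic setting" portal steps as az CLI calls.
# Assumptions (not from the thread): endpoint, api-version, category names.

AAD_DIAG_API="https://management.azure.com/providers/microsoft.aadiam/diagnosticSettings"
AAD_DIAG_API_VERSION="2017-04-01"   # assumption: confirm in current docs

# Build the request body: one workspace destination, one entry per category.
# usage: build_aad_diag_body <workspace-resource-id> <category> [<category>...]
build_aad_diag_body() {
  [ "$#" -ge 2 ] || return 1
  local workspace_id="$1"; shift
  # Accept only a Log Analytics workspace resource ID without JSON metacharacters.
  case "$workspace_id" in
    *\"*|*\\*) return 1 ;;
    /subscriptions/*/resourceGroups/*/providers/Microsoft.OperationalInsights/workspaces/*) ;;
    *) return 1 ;;
  esac
  local logs="" c
  for c in "$@"; do
    # Categories are plain identifiers; reject anything that could break the JSON.
    case "$c" in ""|*[!A-Za-z0-9]*) return 1 ;; esac
    logs="${logs:+$logs,}{\"category\":\"$c\",\"enabled\":true}"
  done
  printf '{"properties":{"workspaceId":"%s","logs":[%s]}}' "$workspace_id" "$logs"
}

# Create or update the setting (portal steps 3 to 6).
# usage: apply_aad_diag_setting <setting-name> <workspace-resource-id> <category>...
apply_aad_diag_setting() {
  [ "$#" -ge 3 ] || { echo "usage: <name> <workspace-id> <category>..." >&2; return 1; }
  local name="$1" body; shift
  body="$(build_aad_diag_body "$@")" || { echo "invalid workspace ID or category" >&2; return 1; }
  az rest --method put \
    --url "${AAD_DIAG_API}/${name}?api-version=${AAD_DIAG_API_VERSION}" \
    --body "$body"
}

# Read back the configured settings to confirm the save took effect.
list_aad_diag_settings() {
  az rest --method get --url "${AAD_DIAG_API}?api-version=${AAD_DIAG_API_VERSION}"
}

# Constructed usage (placeholder IDs and names):
# apply_aad_diag_setting sentinel-aad \
#   "/subscriptions/<sub-id>/resourceGroups/<rg>/providers/Microsoft.OperationalInsights/workspaces/<workspace>" \
#   AuditLogs SignInLogs
```

Run `list_aad_diag_settings` afterwards and check that the returned setting lists the workspace and categories you expect.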

1 additional answer

  1. David Broggy 6,101 Reputation points MVP
    2023-01-18T22:34:56.93+00:00

    Hi Matthew,
    You need to have the Azure AD Global Administrator role to enable many of the connectors.

    The Sentinel Contributor role is all you need for admin use of most features in Sentinel; however, when enabling connectors you often need a higher-privileged role because you're asking permission to connect to resources outside of the Sentinel resource group.

    I work with new tenants almost every week and to make my life simple I always ask the Global Admin to be on hand when enabling the connectors.
