Thank you for posting your query on Microsoft Q&A, from above description I could see that you are getting the following response when trying to create an AAD data connector via rest API for your sentinel workspace.
Response: 401 Unauthorized
{
"error": { "code": "InvalidLicense", "message": "License is invalid" }
}
Please do correct me if this is not the case by responding in the comments section.
Seems like a permission or a license issue to me, kindly validate if the following prerequisites are met:
- A Microsoft Entra ID P1 or P2 license is required to ingest sign-in logs into Microsoft Sentinel. Any Microsoft Entra ID license (Free/O365/P1 or P2) is sufficient to ingest the other log types. Additional per-gigabyte charges may apply for Azure Monitor (Log Analytics) and Microsoft Sentinel.
- Your user must be assigned the Microsoft Sentinel Contributor role on the workspace.
- Your user must be assigned the Global Administrator or Security Administrator roles on the tenant you want to stream the logs from.
- Your user must have read and write permissions to the Microsoft Entra diagnostic settings in order to be able to see the connection status.
- Install the solution for Microsoft Entra ID from the Content Hub in Microsoft Sentinel. For more information, see Discover and manage Microsoft Sentinel out-of-the-box content.
Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik