Azure Activity Data connector configuration

Herman 20 Reputation points
2024-06-24T07:30:46.6266667+00:00

Hi,

I am trying to configure the Azure Activity data connector in my tenant. I have installed the connector and configured the Azure Policy scoped at my subscription where I have Sentinel deployed. In the parameter section I have set my Sentinel workspace from the Log Analytics workspace. The policy is then deployed and role assignment is set. I have waited for 30 minutes now and the connector is still showing as disconnected. Any tips or tricks that I could try or is there something I have forgotten?


Accepted answer
  1. Andrew Blumhardt 9,841 Reputation points Microsoft Employee
    2024-06-25T12:17:00.0766667+00:00

    I think Herman is referring to the Activity Log connector rather than the Azure Active Directory connector.

    I assume it may already be working if you check again. The connector will only record new activity and this log may be bursty due to the level of administrative activity in the subscriptions. The connector will light up as active once data starts flowing to the AzureActivity table. You can also verify that the table has data in logs.

    Please let us know if this issue persists.
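
The table check mentioned in the accepted answer can be run from the Logs blade of the Sentinel workspace. The query below is an added example, not part of either answer; the 7-day lookback is an arbitrary assumption, chosen to allow for subscriptions with little administrative activity.

```kusto
// Added example: confirm that Activity Log records are reaching the AzureActivity table.
// The 7-day window is an assumption; widen it for quiet subscriptions.
AzureActivity
| where TimeGenerated > ago(7d)
| summarize
    Events        = count(),
    FirstEvent    = min(TimeGenerated),
    LastEvent     = max(TimeGenerated),
    LastIngested  = max(ingestion_time()),          // when the newest record landed in the workspace
    Categories    = make_set(CategoryValue, 20)     // e.g. Administrative, Policy, Security
    by SubscriptionId
| extend MinutesSinceLastEvent = datetime_diff('minute', now(), LastEvent)
| order by LastEvent desc
```

An empty result means no Activity Log records have reached the workspace in that window. A subscription that is in the policy scope but missing from the output has not sent any events to the workspace yet.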


1 additional answer

  1. Akshay-MSFT 17,651 Reputation points Microsoft Employee
    2024-06-25T10:43:00.2133333+00:00

    @Herman Jensen

    The Azure Active Directory data connector has been renamed to Entra ID. My recommendation here would be to navigate to the Content hub within your Sentinel and install the Entra ID connector.

    Once installed, it must be visible within the Data connectors blade of the Sentinel workspace. Click on "Open connector page".


    • Choose the logs to be ingested within configuration and wait for 1 hour for logs to be ingested.


    If you don't have any further queries and the suggestion above answers your ask, please "Accept the answer". This will help us and others in the community as well.

    Thanks,

    Akshay Kaushik
