![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 81%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
Microsoft Security | Microsoft Sentinel
A cloud-native SIEM solution that provides intelligent security analytics and threat detection across systems
Hello @Rondo Huang (SOS Group Limited),
Thank you for posting your query on Microsoft Q&A.
Based on your description, I understand that you have installed the Azure Activity Data Connector in Microsoft Sentinel and successfully completed the Azure Policy Assignment Wizard. However, the Data Connector status remains Not Connected, and no data is being ingested.
Please follow the below steps to make the status Connected.
- Sign in to the Azure Portal and navigate to Subscriptions.
- Select the relevant subscription and go to Activity Log.
- Click on Export Activity Logs → Under the Diagnostic Settings page, select "Add Diagnostic Setting".
- In the Diagnostic Settings page:
- Provide a name for the setting.
- Select all logs to collect.
- Under Destination details, choose "Send to Log Analytics workspace".
- Select your subscription and the targeted Log Analytics workspace.
- Click Save, then verify that the setting has been created successfully.
- Allow at least 45 minutes to 1 hour for the Data Connector status to update to Connected.
Please refer to the screenshot below for a clearer understanding.
For more details you can refer this QnA post on same issue: https://learn.microsoft.com/en-us/answers/questions/2143871/how-to-connect-azure-activity-data-connector-in-se
I hope this information is helpful. Please feel free to reach out if you have any further questions.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".