Unable to see builtin logs in Azure Sentinel workspace?

asked 2021-03-30T05:57:56.17+00:00
Enterprise Architect 2,121 Reputation points

According to: https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

Azure Activity Logs,
Office 365 Audit Logs (all SharePoint activity and Exchange admin activity)
and alerts from Microsoft Defender products (
Azure Defender,
Microsoft 365 Defender,
Microsoft Defender for Office 365,
Microsoft Defender for Identity,
Microsoft Defender for Endpoint
Azure Security Center,
Microsoft Cloud App Security,
and Azure Information Protection

Can be ingested at no additional cost into both Azure Sentinel, and Azure Monitor Log Analytics.

But I do not see it under the newly created workspace ?
am I missing something here?

Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
605 questions
No comments
{count} votes

1 answer

Sort by: Most helpful
  1. answered 2021-03-30T13:14:55.277+00:00
    VipulSparsh-MSFT 15,951 Reputation points

    @Enterprise Architect Thanks for reaching out. Normally there might be a delay of 24 hours until you see the logs after adding the corresponding sources under connectors in Azure Sentinel.

    If you have added the connectors recently, please wait.
    If you have added the connectors more than 24 - 48 hours back, let us know.

    Here is a sample of how you can add the AAD logs to Sentinel :

    Similar connector needs to be added for office 365 and other Defenders.