Unable to see builtin logs in Azure Sentinel workspace?

EnterpriseArchitect 4,741 Reputation points
2021-03-30T05:57:56.17+00:00

According to: https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

Azure Activity Logs, Office 365 Audit Logs (all SharePoint activity and Exchange admin activity), and alerts from Microsoft Defender products (Azure Defender, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint), Azure Security Center, Microsoft Cloud App Security, and Azure Information Protection can be ingested at no additional cost into both Azure Sentinel and Azure Monitor Log Analytics.

But I do not see it under the newly created workspace?
Am I missing something here?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee
    2021-03-30T13:14:55.277+00:00

    @EnterpriseArchitect Thanks for reaching out. Normally there might be a delay of 24 hours until you see the logs after adding the corresponding sources under connectors in Azure Sentinel.

    If you have added the connectors recently, please wait.
    If you have added the connectors more than 24 - 48 hours back, let us know.

    Here is a sample of how you can add the AAD logs to Sentinel:
    [Screenshot: 82659-image.png]

    A similar connector needs to be added for Office 365 and other Defenders.

    1 person found this answer helpful.