Share via

Microsoft 365 logs not ingesting into Sentinel

Rich3236 6 Reputation points
2021-10-14T13:20:40.683+00:00

Good afternoon all.

I'm having issues with Azure Sentinel, I have a global administrator account and I have created a Office 365 connector to our instance. All appears green as shown below but I am not receiving any logs on any of them.

140570-shot-of-azure-sentinel-instance.png

Anyone experienced this and know how i can fix it?

Regards

Microsoft Security | Microsoft Sentinel

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marilee Turscak-MSFT 37,206 Reputation points Microsoft Employee Moderator
    2021-10-14T23:19:16.13+00:00

    Hi @Rich3236 ,

    It appears that your data sources are failing to connect. In your screenshot the "Data types" section is grey rather than green like it would be if the sources were connected. You need to make sure that you have met the prerequisites listed on the top right and have applied the configuration settings.

    You can also check under the Logs section on the left and run a query against the data.

    If you have met all of the prerequisites, I would recommend disconnecting and connecting back with the global admin tenant permissions. If the issue persists after reconnecting, you may need to look into the activities settings and permission on the Sharepoint, Teams, and Exchange side.

    Let me know if this helps!

    Marilee

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.