Share via

Unable to choose log analytics workspace for policies/sentinel connector

Matias Tontti 96 Reputation points
2022-06-28T08:30:24.683+00:00

I have a problem regarding Azure Policies / Sentinel. I am unable to link any log analytics workspace to policies for enabling for example diagnostic logs or sentinel connector for resources.

The error i got: The resource type 'workspaces' could not be found in the namespace 'Microsoft.OperationalInsights' for api version '2022-09-01-privatepreview'. The supported api-versions are '2015-03-20,2015-11-01-preview,2017-01-01-preview,2017-03-03-preview,2017-03-15-preview,2017-04-26-preview,2020-03-01-preview,2020-08-01,2020-10-01,2021-06-01,2021-03-01-privatepreview,2021-12-01-preview'.

I have checked that the resource provider Microsoft.OperationalInsights is registered. What else should i check?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
2,858 questions
Microsoft Sentinel
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
999 questions
Accepted answer
  1. SwathiDhanwada-MSFT 17,881 Reputation points
    2022-06-30T05:26:07.757+00:00

    The assignment is failing due to the metadata property strongType in the policy definition, which allows for a user-friendly clickable drop down experience in the portal during assignment. It sends a tenant-level provider call which gets the latest API to populate the drop down. When that API is behind a feature flag, it is not enabled in all subscriptions, which causes the error.

    In this specific scenario, the Insights RP just added a private preview API version behind a feature flag, which is preventing assignments through the portal for all policies that have a strongType for OMS workspaces. Product Group have a short-term mitigation to resolve the problem for Insights RP’s API this week and are actively looking at the design for a long-term solution to prevent this issue for other RPs in the future.

    If the issue needs to be addressed immediately, one workaround until the fix is available would be to duplicate the definition and remove the strong type. This would require that the parameter be entered as an array of strings during assignment (instead of the user-friendly drop down).

    0 comments

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Wojtas Marcin 16 Reputation points
    2022-06-29T12:55:59.877+00:00

    And the answer from azure support is:

    This issue has been addressed and identified by our product group team as we have been seen a few more queries about this behavior. Please know that I will be on top of the investigation that they are performing and will make sure to send updates your way as soon as I have them.

    2 people found this answer helpful.
  2. Matias Tontti 96 Reputation points
    2022-06-30T14:10:59.607+00:00

    I also confirm that the problem seems to be solved now.

    0 comments