Hi Javier,
That was exactly what I was looking for thank you.
Using the connectors you provided I created the following JSON;
'{
"connectors": [
{
"kind": "Office365",
"properties": {
"dataTypes": {
"sharePoint": {
"state": "enabled"
},
"exchange": {
"state": "enabled"
},
"teams": {
"state": "enabled"
}
}
}
},
{
"kind": "AzureActivityLog"
},
{
"kind": "MicrosoftCloudAppSecurity",
"properties": {
"dataTypes": {
"alerts": {
"state": "enabled"
},
"discoveryLogs": {
"state": "enabled"
}
}
}
},
{
"kind": "AzureAdvancedThreatProtection",
"properties": {
"dataTypes": {
"alerts": {
"state": "enabled"
}
}
}
},
{
"kind": "MicrosoftDefenderAdvancedThreatProtection",
"properties": {
"dataTypes": {
"alerts": {
"state": "enabled"
}
}
}
}
]
}'
And got the following result;
'Processing alert rule: Office365
Processing alert rule: AzureActivityLog
Data connector AzureActivityLog is not enabled
Enabling data connector AzureActivityLog
Successfully enabled data connector: AzureActivityLog with status: OK
Processing alert rule: MicrosoftCloudAppSecurity
Processing alert rule: AzureAdvancedThreatProtection
Processing alert rule: MicrosoftDefenderAdvancedThreatProtection'
But none of the connectors have activated within sentinel itself and it looks like only AzureActivityLog was successfully enabled within the script?
Thanks again for your help with this.
Aiden
Microsoft