Forum Discussion
Log Analytics into Azure Lighthouse
- Sep 27, 2020
SebastiaanR I never even thought of a scenario where the managing tenant wouldn't have a subscription! Add even an Azure Free Account sub to it and see if that works.
Hi SoniaCuff,
maybe you can help me out with some similar situation.
We have a managing tenant without subscription.
I saw the updated docs Monitor delegated resources at scale - Azure Lighthouse | Microsoft Docs with the section to add New-AzADServicePrincipal for the managing tenant without subscription.
But we cannot get it to work. We always get the following:
We were then able to set it like this:
After that we onboarded a customer. But when we try to access some logs we still get the error:
So it seems that we will forcely need a subscription within the managing tenant?
Any hints?
Thanks for your help
Regards,
Ben
From your managing tenant context, try to register all the 1st party service principals that the Microsoft.Insights resource provider registers.
Example:
Connect-AzAccount -Tenant managingtenant.onmicrosoft.com
New-AzADServicePrincipal -ApplicationId 6bccf540-eb86-4037-af03-7fa058c2db75
New-AzADServicePrincipal -ApplicationId 11c174dc-1945-4a9a-a36b-c79a0f246b9b
New-AzADServicePrincipal -ApplicationId 035f9e1d-4f00-4419-bf50-bf2d87eb4878
New-AzADServicePrincipal -ApplicationId f5c26e74-f226-4ae8-85f0-b4af0080ac9e
New-AzADServicePrincipal -ApplicationId b503eb83-1222-4dcc-b116-b98ed5216e05
New-AzADServicePrincipal -ApplicationId ca7f3f0b-7d91-482c-8e09-c5d840d0eac5
New-AzADServicePrincipal -ApplicationId 3af5a1e8-2459-45cb-8683-bcd6cccbcc13
New-AzADServicePrincipal -ApplicationId 6a0a243c-0886-468a-a4c2-eff52c7445da
New-AzADServicePrincipal -ApplicationId 707be275-6b9d-4ee7-88f9-c0c2bd646e0f
New-AzADServicePrincipal -ApplicationId 461e8683-5575-4561-ac7f-899cc907d62a
New-AzADServicePrincipal -ApplicationId 562db366-1b96-45d2-aa4a-f2148cef2240
New-AzADServicePrincipal -ApplicationId e933bd07-d2ee-4f1d-933c-3752b819567b
New-AzADServicePrincipal -ApplicationId f6b60513-f290-450e-a2f3-9930de61c5e7
New-AzADServicePrincipal -ApplicationId 12743ff8-d3de-49d0-a4ce-6c91a4245ea0
New-AzADServicePrincipal -ApplicationId 58ef1dbd-684c-47d6-8ffc-61ea7a197b95
- Benjamin GrausJul 04, 2023Brass ContributorThanks for coming back on this!
I've recheck again on our managing tenant and it seems to work now.
Even without your additional ServicePrincipals.
Thanks again