Forum Discussion
Issue while deploying Sentienl Rules
I know that when deleting a Sentinel rule, you need to wait a specific amount of time before it can be redeployed. However, in this tenant, we've been waiting for almost a month and are still getting...
Hi @StefanHartmann1
Normally, the soft-delete state for analytics rules lasts up to 14 days, but if the deletion was tied to a deployment via ARM/Bicep/Terraform, the ID can get “stuck” in the resource provider’s cache for much longer. In some cases, the only way to reuse the same ID is to open a Microsoft support ticket so they can manually clear it from the backend. If reusing the exact same ID is critical, I’d recommend raising a support case with the Microsoft.SecurityInsights resource provider details and rule name/ID — otherwise, changing the ruleId (GUID) in your template is the quickest workaround.
Feel free to reply if you have any issues!