Forum Discussion
Using the New-AzSentinelDataConnector cmdlet
I have tried using the New-AzSentinelDataConnector cmdlet to create or update a data connector.
I have not fully gotten this solution working, trying to enable the Microsoft Entra ID data connector.
To emphasise this point, these were the PowerShell commands I ran...
$ResourceGroup = "rg-sentinel"
$WorkspaceName = "ingested-data-sentinel"
# Connect to Azure and return Tenant ID
$Connection = Connect-AzAccount
$TenantId = $Connection.Context.Tenant.Id
# Create Data Connector (AAD/Entra ID)
New-AzSentinelDataConnector -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName -kind AzureActiveDirectory -TenantId $TenantID -Alerts Enabled
The error output can be seen in the screenshot attached.
Has anyone successfully deployed a data connector with this PowerShell cmdlet?
1 Reply
I would verify that you have the following prerequisites fulfilled:
1. Entra ID P1 or P2 license for the sign-in logs ingest.
2. You must have Microsoft Sentinel Contributor role in workspace
3. You must have Security Contributor role in the tenant you want to stream from (or equivalent permissions)
4. Read/Write for Entra ID diagnostics to see connection status
5. I would also make sure the Entra ID solution is installed from Content Hub.
Hope this helps.
G.
