Zoom logs into Sentinel

it looks like you're encountering a PowerShell error related to the command Connect-ArAccount.

Cause

This error typically means:

• PowerShell found the Connect-ArAccount command.
• But it couldn't load the Az.Accounts module, likely due to:
• Corrupt installation
• Missing dependencies
• Using the wrong version of PowerShell
• Not having Az module installed correctly

Try below Steps

1.Open PowerShell as Administrator

Right-click PowerShell → Run as Administrator

2.Ensure PowerShellGet and NuGet Are Updated

Install-PackageProvider -Name NuGet -Force -Scope CurrentUser

Update-Module -Name PowerShellGet

3.Uninstall and Reinstall the Az.Accounts Module

Uninstall-Module Az.Accounts -AllVersions -Force

Install-Module Az.Accounts -Force -AllowClobber

If you're using the full Az module:

Uninstall-Module Az -AllVersions -Force

Install-Module Az -Force -AllowClobber

4.Import the Module Manually and Retry

Import-Module Az.Accounts

Connect-AzAccount

If using Connect-ArAccount was a typo or a custom alias, use the correct command:

Connect-AzAccount

Tips:

• Connect-ArAccount is not a standard PowerShell or Azure command — were you trying to use Connect-AzAccount?
• If it's a custom function or alias, make sure the script/module that defines it is correctly sourced.

hi Analyst110​  You're not alone—Zoom integration with Microsoft Sentinel via the native Zoom data connector has been problematic, especially around the Audio Conferencing Plan error, even for users who have active plans.

Let’s walk through a practical troubleshooting and setup guide that others in the community have used successfully, along with some critical gotchas.

Common Error: Account has not audio conference plan

What It Means

• Sentinel’s Zoom data connector script makes calls to all API endpoints, including ones like /metrics/zoomroom or /report/telephone.
• These endpoints are only accessible if your Zoom account has specific add-ons, like:
• Audio Conferencing Plan
• Zoom Rooms
• Large Meetings or Webinars (in some templates)

Even if you do not need those logs, the default script calls them anyway, and fails the invocation.

How to Fix or Work Around It

Option 1: Edit the Azure Function to Skip Failing Calls

• Go into your Function App > ZoomFunctionApp > ZoomLogs > Code + Test
• Look for the block that pulls logs from /report/telephone or /metrics/zoomroom

Comment out or modify that section, e.g.:

# Skip audio logs if not needed or failing

# audio_logs = get_audio_logs(...)

# send_to_sentinel(audio_logs)

⚠️ You may need to clone the GitHub repo and redeploy it to fully customize this. Official repo: https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/Zoom

Option 2: Use the Community-Supported Version

Some users in GitHub issues and forums have created cleaned-up versions of the Zoom-Sentinel connector that:

• Remove unused API calls
• Add better error handling (try/catch around each API)

Reach out in this GitHub issue:
👉 Zoom Sentinel connector error tracking

Option 3: Check Zoom App Scopes

Make sure your Zoom app has scopes enabled for only the logs you care about (e.g., meeting:read:admin, recording:read:admin), and remove scopes for things like telephony:read:admin if you don’t have that service.

Retry Logic Tip

In the Azure Function logs:

• Look for entries like Zoom API request failed or status 403/404
• These can be benign if you're skipping unsupported services — adjust your ingestion logic accordingly.

Recommendation

Since you're blocked for 2 months, I highly recommend forking the Zoom connector repo, removing unsupported API calls, and redeploying. This has been the only consistently successful method reported by users dealing with the exact same issue.