Home

Connect to Azure Active Directory

%3CLINGO-SUB%20id%3D%22lingo-sub-359798%22%20slang%3D%22en-US%22%3EConnect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359798%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI'm%20trying%20to%20connect%20Azure%20Sentinel%20to%20Azure%20Active%20Directory%20%2C%20however%20the%20process%20doesn't%20seem%20to%20end%20and%20it%20doesn't%20connect.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F84979iC574D612E6F9B02D%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22az-sentinel%60.png%22%20title%3D%22az-sentinel%60.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-391419%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-391419%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3400%22%20target%3D%22_blank%22%3E%40Michael%20Van%20Horenbeeck%3C%2FA%3E%26amp%3B%20all%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20solved%20the%20issue%20yesterday%2C%20seemded%20to%20be%20a%20permission%20issue%2C%20while%20I%20had%20full%20rights%20on%20the%20workspace%2C%20I%20did%20not%20have%20that%20on%20the%20Azure%20Tenant%20itself%2C%20hence%20once%20my%20colleague%20logged%20in%20with%20Azure%20Tenant%20owner%20rights%20%2C%20the%20activation%20worked%20nicely.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-364234%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-364234%22%20slang%3D%22en-US%22%3E%3CP%3EHad%20the%20same%20issue.%20In%20my%20tenant%2C%20connecting%20Azure%20AD%20to%20Sentinel%20would%20not%20work.%20The%20process%20hung%2C%20just%20like%20Alex'.%20Going%20through%20the%20manual%20steps%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Freports-monitoring%2Fhowto-integrate-activity-logs-with-log-analytics%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Freports-monitoring%2Fhowto-integrate-activity-logs-with-log-analytics%3C%2FA%3E)%20worked.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20funny%20thing%20is%20that%20other%20tenants%20(like%20a%20customer%20where%20I%20enabled%20the%20preview)%2C%20did%20not%20have%20this%20issue.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHaving%20some%20sort%20of%20log%20regarding%20this%20would%20be%20helpful%20to%20troubleshoot.%20Right%20now%2C%20the%20information%20is%20rather%20limited.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360971%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360971%22%20slang%3D%22en-US%22%3EHi%20Alex%2C%3CBR%20%2F%3E%3CBR%20%2F%3ENot%20sure%20if%20this%20is%20mandatory%2C%20I've%20used%20the%20same%20workspace%20for%20both%2C%20haven't%20tested%26nbsp%3Byet%20with%20a%20different%20one.%3CBR%20%2F%3E%3CBR%20%2F%3ECheers%2C%3CBR%20%2F%3E%3CBR%20%2F%3EUri%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360967%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360967%22%20slang%3D%22en-US%22%3E%3CP%3EHI%20I%20have%20enabled%20azure%20monitor%20logs%2C%20since%20I%20saved%20the%20settings%20the%20status%20is%20as%20following%20since%20a%20couple%20of%20hours.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUpdating%20diagnostics%20for%20'%2Fproviders%2Fmicrosoft.aadiam'.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360780%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360780%22%20slang%3D%22en-US%22%3EThat%20resolved%20it%20for%20me.%20Thanks!!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360768%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360768%22%20slang%3D%22en-US%22%3E%3CP%3E%2B1%20here!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360604%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360604%22%20slang%3D%22en-US%22%3EHi%20Uri%3CBR%20%2F%3E%3CBR%20%2F%3EDo%20you%20Need%20to%20configure%20the%20same%20log%20analytics%20workspace%20for%20both%20Solutions%3F%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%3CBR%20%2F%3EAlex%3CBR%20%2F%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360557%22%20slang%3D%22en-US%22%3ERE%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360557%22%20slang%3D%22en-US%22%3EHad%20same%20issue%20and%20I%20think%20you%20first%20need%20to%20enable%20integrate%20Azure%20AD%20Logs%20with%20Log%20Analytics%20-%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Freports-monitoring%2Fhowto-integrate-activity-logs-with-log-analytics%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Freports-monitoring%2Fhowto-integrate-activity-logs-with-log-analytics%3C%2FA%3E%20).%20After%20doing%20that%20it%20it%20successfully%20connected.%20HTH%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-360418%22%20slang%3D%22en-US%22%3ERe%3A%20Connect%20to%20Azure%20Active%20Directory%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360418%22%20slang%3D%22en-US%22%3E%3CP%3ESame%20issue%20here..%20its%20just%20stuck%20at%20Connecting%20Azure%20Active%20Directory%20(been%20going%20for%2019%20hours).%26nbsp%3B%20I%20have%20Azure%20AD%20Premium%20P2%20licenses%20and%20have%20Global%20Admin%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hello, 

 

I'm trying to connect Azure Sentinel to Azure Active Directory , however the process doesn't seem to end and it doesn't connect. 

 

az-sentinel`.png

 

 

 

9 Replies
Highlighted

Same issue here.. its just stuck at Connecting Azure Active Directory (been going for 19 hours).  I have Azure AD Premium P2 licenses and have Global Admin

Highlighted
Had same issue and I think you first need to enable integrate Azure AD Logs with Log Analytics - (https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-... ). After doing that it it successfully connected. HTH
Highlighted
Hi Uri

Do you Need to configure the same log analytics workspace for both Solutions?

Thanks
Alex


Highlighted

+1 here!

Highlighted
That resolved it for me. Thanks!!
Highlighted

HI I have enabled azure monitor logs, since I saved the settings the status is as following since a couple of hours. 

 

 

Updating diagnostics for '/providers/microsoft.aadiam'.

Highlighted
Hi Alex,

Not sure if this is mandatory, I've used the same workspace for both, haven't tested yet with a different one.

Cheers,

Uri
Highlighted

Had the same issue. In my tenant, connecting Azure AD to Sentinel would not work. The process hung, just like Alex'. Going through the manual steps (https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-integrate-activity-...) worked.

 

The funny thing is that other tenants (like a customer where I enabled the preview), did not have this issue.

 

Having some sort of log regarding this would be helpful to troubleshoot. Right now, the information is rather limited.

Highlighted

@Michael Van Horenbeeck& all, 

 

I solved the issue yesterday, seemded to be a permission issue, while I had full rights on the workspace, I did not have that on the Azure Tenant itself, hence once my colleague logged in with Azure Tenant owner rights , the activation worked nicely.