Connecting Microsoft Defender for Endpoint to Azure Sentinel

Occasional Visitor

The data connector 'Microsoft Defender for Endpoint`, labelled as 'MicrosoftDefenderAdvancedThreatProtection' for Azure Sentinel does not run successfully. The error is: {
"error": {
"code": "InvalidLicense",
"message": "Missing consent"
}
}

This issue occurs with the New-AzSentinelDataConnector PowerShell command, the ARM template for data connectors and the API directly.

Using the same account (and same permissions) to enable this data connector via the portal works fine.

 

Has anyone experienced or resolved this already? 

 

Any help greatly appreciated, thanks.

1 Reply
@aga__ this looks like an Azure Sentinel template error according to:
https://techcommunity.microsoft.com/t5/microsoft-sentinel/quot-missing-consent-invalid-license-quot-...
https://github.com/Azure/SimuLand/issues/23
https://github.com/Azure/Azure-Sentinel/issues/5007

All 3 do not have a resolution. Please open a Microsoft CSS support ticket with our Azure Sentinel team.

Thank you,
Yong Rhee [MSFT]