Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

Connecting Microsoft Defender for Endpoint to Azure Sentinel

Copper Contributor

The data connector 'Microsoft Defender for Endpoint`, labelled as 'MicrosoftDefenderAdvancedThreatProtection' for Azure Sentinel does not run successfully. The error is: {
"error": {
"code": "InvalidLicense",
"message": "Missing consent"

This issue occurs with the New-AzSentinelDataConnector PowerShell command, the ARM template for data connectors and the API directly.

Using the same account (and same permissions) to enable this data connector via the portal works fine.


Has anyone experienced or resolved this already? 


Any help greatly appreciated, thanks.

1 Reply
@aga__ this looks like an Azure Sentinel template error according to:

All 3 do not have a resolution. Please open a Microsoft CSS support ticket with our Azure Sentinel team.

Thank you,
Yong Rhee [MSFT]