Nov 26 2021 07:18 AM
Hi,
I have been fighting with the new Azure Activity data connector. I deploy the policy with the wizard from the connector page, scope it to my subscription but nothing happens. My Policy shows as Compliant, the Log Analytics workspace is in the scoped subscription but nothing happens. It's not the first time that I'm stuck with this problem and I think I've been applying MS' official documentation.
Any idea what I should check?
Regards,
P.
Nov 29 2021 04:04 AM
@PhilippeAugras Have you gone to the Activity log and checked the Diagnostics settings to verify that the settings were indeed pushed correctly?
Nov 29 2021 05:37 AM
@Gary Bushey, thank you for your answer. The diagnostic settings worked with the old version of the connector. The new one relies on an Azure Policy that is supposed to send the activity to Sentinel's log. Or do I also need to configure the diag settings for this new connector? It's not mentioned in MS's docs.
Regards,
P.
Nov 29 2021 07:08 AM
Dec 01 2021 12:30 AM
Dec 01 2021 02:22 AM
@PhilippeAugras I think that it makes sense that there are no resources associated, because the policy is applied to the subscription only and not specific resources.
So if you go to the subscription for which you applied the policy, then choose "Activity Logs" and then choose "Diagnostic Settings" at the top of the window, you should be able to see that the diagnostic settings from the subscription are being sent to Sentinel.
It seems like you expect all resources in the subscription to have their diagnostic settings updated (please correct me if I'm wrong). Only the chosen subscription's diagnostic settings will be set.
Bonus: if you want to have multiple subscriptions set, you need to create a management group, and assign the policy to a group containing multiple subscriptions.
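The check described in the reply above can also be done against the subscription's diagnostic settings as JSON. This is an added example, not part of any post in the thread; the sample response, the resource IDs, the setting names and the list of required categories are constructed assumptions, with the JSON shaped like the ARM `Microsoft.Insights/diagnosticSettings` list response for a subscription.

```python
import json

# Constructed workspace resource ID (placeholder values, not from the thread).
WORKSPACE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "rg-sec/providers/Microsoft.OperationalInsights/workspaces/law-sentinel")

# Constructed sample of a subscription-level diagnostic settings listing.
SAMPLE = json.loads("""
{"value": [
  {"name": "archive-only",
   "properties": {"storageAccountId": "/subscriptions/0/placeholder-storage",
                  "logs": [{"category": "Administrative", "enabled": true}]}},
  {"name": "to-sentinel",
   "properties": {"workspaceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/resourceGroups/rg-sec/providers/Microsoft.OperationalInsights/workspaces/law-sentinel",
                  "logs": [{"category": "Administrative", "enabled": true},
                           {"category": "Security", "enabled": false},
                           {"category": "Policy", "enabled": true}]}}
]}
""")


def audit_activity_export(response, workspace_id,
                          required=("Administrative", "Security", "Policy")):
    """Return [(setting_name, missing_categories)] for every diagnostic setting
    that targets workspace_id. An empty list means no setting sends the
    Activity log to that workspace, i.e. the policy has not remediated yet."""
    target = workspace_id.lower()  # ARM resource IDs compare case-insensitively
    findings = []
    for setting in response.get("value", []):
        props = setting.get("properties", {})
        if (props.get("workspaceId") or "").lower() != target:
            continue  # setting exports somewhere else (storage, event hub, ...)
        enabled = {log["category"] for log in props.get("logs", [])
                   if log.get("enabled")}
        findings.append((setting.get("name"), sorted(set(required) - enabled)))
    return findings


if __name__ == "__main__":
    results = audit_activity_export(SAMPLE, WORKSPACE)
    if not results:
        print("No diagnostic setting targets the Sentinel workspace")
    for name, missing in results:
        print(f"{name}: missing categories = {missing or 'none'}")
```
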
Dec 01 2021 04:27 AM