cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Defender Streaming API is not removed during offboarding process (and cannot be deleted)

StephanGee
Steel Contributor

‎Sep 06 2022 05:25 AM

‎Sep 06 2022 05:25 AM

Defender Streaming API is not removed during offboarding process (and cannot be deleted)

Hi everyone,

 

we were testing out Sentinel but postponed the project. So we did the offboarding process of Sentinel - where it states for connectors automatic removal: Remove Microsoft Sentinel | Microsoft Docs

  • Microsoft services security alerts: Microsoft Defender for Identity, Microsoft Defender for Cloud Apps (formerly Microsoft Cloud App Security) including Cloud Discovery Shadow IT reporting, Azure AD Identity Protection, Microsoft Defender for Endpoint, security alerts from Microsoft Defender for Cloud (formerly Azure Defender)

But .. the Streaming API is still existing AND cannot be deleted.

We already deleted the RGs related to our Sentinel installation.

 

How to get rid of it? We can also not uncheck the types - as it does not allow to save. I am a global admin.

StephanGee_0-1662467087193.png

As i have already a long ongoing support case - i hope someone here can help me out.

 

BR

Stephan

2,180 Views
1 Like
2 Replies
Reply
2 Replies
best response confirmed by StephanGee (Steel Contributor)
nickselvaggio-msft

‎Sep 21 2022 10:36 AM - edited ‎Sep 21 2022 10:38 AM

‎Sep 21 2022 10:36 AM - edited ‎Sep 21 2022 10:38 AM

Solution

Re: Defender Streaming API is not removed during offboarding process (and cannot be deleted)

Hi @StephanGee,

 

This export setting can be removed via API by sending a delete call to https://api.security.microsoft.com/api/dataexportsettings/<export setting name>. The export setting name should be the full name starting with SentinelExportSettings - for example: https://api.security.microsoft.com/api/dataexportsettings/SentinelExportSettings-sentinel-test

 

The easiest method to perform this is with the API explorer in the Microsoft 365 Defender portal (under Endpoints -> Partners and APIs -> API explorer), but you can use any method of calling an API (cURL, Postman, etc):

 

nickselvaggiomsft_0-1663781659880.png

 

Following this and assuming you get a 200 status code returned, you can confirm in the portal that the setting has been deleted. You'll need to have the appropriate RBAC permissions to call this API.

 

1 Like
Reply
StephanGee

‎Sep 23 2022 01:21 AM

‎Sep 23 2022 01:21 AM

Re: Defender Streaming API is not removed during offboarding process (and cannot be deleted)

@nickselvaggio-msft Thank you very much - worked like a charm.

StephanGee_0-1663921223692.png

GET

StephanGee_1-1663921246336.png

 

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by StephanGee (Steel Contributor)
nickselvaggio-msft

‎Sep 21 2022 10:36 AM - edited ‎Sep 21 2022 10:38 AM

‎Sep 21 2022 10:36 AM - edited ‎Sep 21 2022 10:38 AM

Solution

Re: Defender Streaming API is not removed during offboarding process (and cannot be deleted)

Hi @StephanGee,

 

This export setting can be removed via API by sending a delete call to https://api.security.microsoft.com/api/dataexportsettings/<export setting name>. The export setting name should be the full name starting with SentinelExportSettings - for example: https://api.security.microsoft.com/api/dataexportsettings/SentinelExportSettings-sentinel-test

 

The easiest method to perform this is with the API explorer in the Microsoft 365 Defender portal (under Endpoints -> Partners and APIs -> API explorer), but you can use any method of calling an API (cURL, Postman, etc):

 

nickselvaggiomsft_0-1663781659880.png

 

Following this and assuming you get a 200 status code returned, you can confirm in the portal that the setting has been deleted. You'll need to have the appropriate RBAC permissions to call this API.

 

View solution in original post

1 Like
Reply