Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community
SOLVED

How to check if Sentinel is enabled for a subscription (programmatic access)

Copper Contributor

Hello,

 

Is it possible to query a Resource Provider/ARM property to see if Azure Sentinel has been enabled on a subscription? I was hoping we can use resource graph query or at a minimum an API call to help us see which subscriptions/workspaces are enabled for sentinel (reporting purposes).

 

Thanks in advance.

1 Reply
best response confirmed by Dave Rendón (MVP)
Solution

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"

 

1 best response

Accepted Solutions
best response confirmed by Dave Rendón (MVP)
Solution

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

https://docs.microsoft.com/en-us/rest/api/loganalytics/workspaces/listintelligencepacks

And look in the resource this solution name:

 

  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"

 

View solution in original post