Microsoft Entra Tech Accelerator
Jun 27 2023, 08:00 AM - 12:00 PM (PDT)
Microsoft Tech Community

How to check if Sentinel is enabled for a subscription (programmatic access)

Frequent Visitor



Is it possible to query a Resource Provider/ARM property to see if Azure Sentinel has been enabled on a subscription? I was hoping we can use resource graph query or at a minimum an API call to help us see which subscriptions/workspaces are enabled for sentinel (reporting purposes).


Thanks in advance.

1 Reply
best response confirmed by Dave Rendón (MVP)

You can check for a specific log analytics workspace if the sentinel log analytics solutions installed.

By running this REST call

And look in the resource this solution name:


  "name": "SecurityInsights",
    "enabled": true,
    "displayname": "Security Insights"