"failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

-jmn- · ‎Dec 16 2022

Whenever we try to onboard Azure Active Directory logs into Sentinel, we get a very unhelpful error message "failed to apply changes - error". We have tried this twice, a week apart. How can this be solved? We have the following:

Security Admin
Microsoft 365 Business Premium (which include AAD P1)

GBushey · ‎Dec 21 2022

I would go into AAD and setup the Diagnostic settings to send data into Sentinel's Log Analytics workspace.

-jmn- · ‎Jan 05 2023

I tried this. It actually gave me an error this time. It said I was missing a P1 or P2 license. I have a P1 license. Out of curiosity, I clicked on the offer of a free trial. It did not give me the option to purchase a P1 license (because I have them).

I think the issue is the following: The Azure subscription that the LA workspace resides in belongs to a security administrator at the org. AAD is provided through a reseller. I think the error could be fixed by redeploying in an Azure subscription provided by the reseller.

"failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

"failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

Re: "failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

Re: "failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

"failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

"failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

Re: "failed to apply changes" - Onboarding Azure AD Logs Into Sentinel

Re: "failed to apply changes" - Onboarding Azure AD Logs Into Sentinel