What's new: Azure Sentinel new onboarding/offboarding API - Microsoft Tech Community
Azure Sentinel is a nested resource on top of a Log Analytics workspace, which introduces some complexity in managing the Azure Sentinel resource on its own. Up until now, onboarding to Azure Sentinel required performing multiple API calls to multiple endpoints. When done by the UI the complexity is hidden from end user but for API users, this created complexities.
To overcome this, we introduce a dedicated endpoint called “OnboardingStates”. This endpoint allows managing the Azure Sentinel instance seamlessly on a workspace through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.