What's new: Azure Sentinel new onboarding/offboarding API

Published Aug 16 2021 12:39 AM
Microsoft

Introduction 

Azure Sentinel is a nested resource on top of a Log Analytics workspace, which introduces some complexity in managing the Azure Sentinel resource on its own. Up until now, onboarding to Azure Sentinel required performing multiple API calls to multiple endpoints. When onboarding is done through the UI, this complexity is hidden from the end user, but API users had to deal with it themselves.

 

To overcome this, we introduce a dedicated endpoint called “OnboardingStates”. This endpoint allows managing the Azure Sentinel instance seamlessly on a workspace through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.  

 

How to use the new API 

This new API, now in public preview, is documented in our preview API documentation: 

https://github.com/Azure/azure-rest-api-specs/blob/master/specification/securityinsights/resource-ma... 

 

Some examples on how to use this new API can be found here: 

https://github.com/Azure/azure-rest-api-specs/tree/master/specification/securityinsights/resource-ma... 

 

Migration to the new model 

During the public preview stage both the previous API method and the new API method will work seamlessly. No existing usage will be broken, and customers can expect all current flows to work as expected. The UI component itself has already been changed to use the new API call. 

Once this API goes to general availability (GA), we will deprecate the current API. We will notify customers who regularly use the old method beforehand, but customers are expected to start using the new method no later than September 10th 2021.

 

Note on the SecurityInsights solution  

As part of onboarding to Azure Sentinel, the SecurityInsights solution is installed on the Log Analytics workspace. If you had the chance to manage your Azure Sentinel resource(s) using the API in the past, you might have manually installed/removed the SecurityInsights solution on/from the workspace. As part of introducing the new OnboardingStates API, this manual management of the solution will no longer be supported. Hence, you should neither install nor remove the SecurityInsights solution directly. Instead, either use the Azure Portal or the OnboardingStates endpoints to manage Azure Sentinel on a workspace.  

 

The statement above also applies to the current methods to install the SecurityInsights solution via ARM template (using Microsoft.OperationsManagement/solutions resource type) or PowerShell (using New-AzMonitorLogAnalyticsSolution cmdlet). The new OnboardingStates endpoint is already available to be used in ARM templates (see a sample here) and we expect to add PowerShell support soon as part of the Az.SecurityInsights module. 
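A migration check for the note above, as an added example (not Microsoft's code and not part of the original post): it walks an ARM template, including child resources and nested deployments, and reports whether Sentinel is still enabled through the legacy Microsoft.OperationsManagement/solutions resource or through an onboardingStates resource. The function names and the sample template are constructed for illustration, and the check assumes a legacy Sentinel solution can be recognised by "SecurityInsights" appearing in its name or plan.

```python
import json

LEGACY_TYPE = "microsoft.operationsmanagement/solutions"

# Constructed sample, trimmed to the fields the check reads: a subscription-level
# template whose nested deployment still carries the legacy solution next to
# the new onboardingStates resource.
SAMPLE_TEMPLATE = {
    "contentVersion": "1.0.0.0",
    "resources": [
        {"type": "Microsoft.Resources/resourceGroups", "name": "rg-example"},
        {"type": "Microsoft.Resources/deployments", "name": "sentinel",
         "properties": {"mode": "Incremental", "template": {"resources": [
             {"type": "Microsoft.OperationalInsights/workspaces",
              "name": "law-example"},
             {"type": "Microsoft.OperationsManagement/solutions",
              "name": "SecurityInsights(law-example)",
              "plan": {"product": "OMSGallery/SecurityInsights"}},
             {"type": "Microsoft.OperationalInsights/workspaces/providers/onboardingStates",
              "name": "law-example/Microsoft.SecurityInsights/default",
              "properties": {}},
         ]}}},
    ],
}


def iter_resources(resources, path="resources"):
    """Yield (path, resource) for every resource, however deeply nested."""
    if isinstance(resources, dict):      # symbolic-name templates use an object
        items = [(f"{path}.{k}", v) for k, v in resources.items()]
    elif isinstance(resources, list):    # classic templates use an array
        items = [(f"{path}[{i}]", v) for i, v in enumerate(resources)]
    else:
        return
    for here, res in items:
        if not isinstance(res, dict):
            continue
        yield here, res
        # Child resources declared inline under a parent.
        yield from iter_resources(res.get("resources"), f"{here}.resources")
        # Inline template of a nested Microsoft.Resources/deployments resource.
        props = res.get("properties")
        nested = props.get("template") if isinstance(props, dict) else None
        if isinstance(nested, dict):
            yield from iter_resources(
                nested.get("resources"), f"{here}.properties.template.resources")


def is_legacy_sentinel_solution(res):
    """True for a solutions resource that installs SecurityInsights directly."""
    if str(res.get("type", "")).lower() != LEGACY_TYPE:
        return False
    plan = res.get("plan") if isinstance(res.get("plan"), dict) else {}
    fields = (res.get("name", ""), plan.get("name", ""), plan.get("product", ""))
    return any("securityinsights" in str(f).lower() for f in fields)


def audit_template(template):
    """Classify a template as legacy, migrated, mixed or no-sentinel."""
    legacy, onboarding = [], []
    for path, res in iter_resources(template.get("resources")):
        if is_legacy_sentinel_solution(res):
            legacy.append(path)
        elif str(res.get("type", "")).lower().endswith("/onboardingstates"):
            onboarding.append(path)
    verdict = ("mixed" if legacy and onboarding else "legacy" if legacy
               else "migrated" if onboarding else "no-sentinel")
    return {"verdict": verdict, "legacy": legacy, "onboarding_states": onboarding}


if __name__ == "__main__":
    print(json.dumps(audit_template(SAMPLE_TEMPLATE), indent=2))
```

A "legacy" or "mixed" verdict lists the template paths that still install the solution directly, which are the entries to remove when moving to the OnboardingStates endpoint.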

 

Additional resources 

1 Comment
Senior Member

Hey @Ely_Abramovitch , this solution works fine for me when the subscription is not a new one, but if I want to use it on a virgin subscription I get an internal server error.

I use ARM template (subscriptionDeploymentTemplate.json) to deploy a resource group, then create a LAW in it and then enable Sentinel on it. When I use the older solution (Microsoft.OperationsManagement/solutions) it works just fine, I can deploy the above-mentioned resources. But if I try to use the new solution (Microsoft.OperationalInsights/workspaces/providers/onboardingStates) then I get this:

 

{
  "status": "Failed",
  "error": {
    "code": "InternalServerError",
    "message": "Internal server error"
  }
}

 

The resource group is still deployed, I can also see the LAW being deployed, but the Sentinel is not enabled because of this error.
I assume this is not a normal behavior. If needed I can share my code somewhere.

Last update: Aug 15 2021 02:21 AM