I’m trying to send the activity logs from all subscriptions in my lab to Sentinel.
I’m Global Administrator and even gave myself ‘User Access Administrator’
https://learn.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin?tabs=azure-portal#Overview
I’m following the steps in the Sentinel Lab –
https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Training/Azure-Sentinel-Training-Lab/Modules/Module-2-Data-Connectors.md
I’ve added them in Content Hub and when trying to go through the ‘Data Connector’ steps the ‘Launch Azure Policy Assignment wizard’ and I set it to ‘Tenant Root Group’.
I point it to the LA workspace but when I click on Create I get the following error –
“RP Registration failed
Failed to register Microsoft.PolicyInsights resource provider with assignment scope. The client(me Global Admin) with object id ‘me’ does not have authorization to perform action ‘Microsoft.PolicyInsights/register/action’ over scope ‘/providers/Microsoft.Management/managementGroup …”
I’ve checked and Microsoft.PolicyInsights is registered in all the subscriptions.
If I add one subscription BUT under ‘Remediation’ do a ‘select the Remediation tab and mark the Create a remediation task check box.’ will it add all my current subscriptions or just new ones?
Is there anything else I can try? I was more curious how admin handle multiple subscriptions and activity logs.
Thank you!!