Description
openedon Dec 7, 2020
Morning,
I am currently trying to create a new data connector to O365 with the Sentinel API. Using the address https://management.azure.com/subscriptions/**SUB_ID**/resourceGroups/**MYRG**/providers/Microsoft.OperationalInsights/workspaces/**WSNAME**/providers/Microsoft.SecurityInsights/dataConnectors/**GUID**?api-version=2020-01-01.
If I send a PUT request with my auth token then the connector is created and works fine. If we send the request from a service principal login with full access to the Azure Management API and Office 365 I get an unauthorized response. I have used the documentation from https://docs.microsoft.com/en-us/rest/api/securityinsights/dataconnectors/createorupdate which does not indicate what permissions are required for a service principal account to access the API. Is there permissions that are not documented that are required for access to this API or is this a bug.