Understanding the Little Blue Permissions Locks in Azure Sentinel Data Connectors

This question comes up more than I expect, so I thought it worthy to put a short blog post to it.

Azure Sentinel Data Connectors have a cool, time-saving feature that automatically checks the logged-in user’s credentials against the list of prerequisites to enable the data connection.

When attempting to enable a Data Connector you might come across a little blue lock on a prerequisite check as shown in the image, even though you know for certain you have appropriate rights to the resource. In our image example, it’s Microsoft Cloud App Security (MCAS).

Red X and blue lock

This is most times preceded by a red ‘x‘ on the previous prerequisite check. The prerequisite check is a workflow, i.e., the credential verification happens in order of the steps shown. If you don’t meet the criteria for one of the steps in the workflow, it stops and doesn’t continue to the next check.

Fix the red ‘x’ and attempt to enable the Data Connector again.



[Want to discuss this further? Hit me up on Twitter or LinkedIn]


Leave a Reply