The azure-native:securityinsights:AADDataConnector resource, part of the Pulumi Azure Native provider, connects Azure Active Directory as a data source to a Microsoft Sentinel workspace. This guide focuses on one capability: workspace attachment for AAD log ingestion.
Data connectors link external data sources to Sentinel workspaces. The connector requires an existing Sentinel workspace and resource group. The example is intentionally minimal. Extend it with dataTypes configuration to filter specific log categories or tenantId for cross-tenant scenarios.
Connect Azure AD logs to Sentinel workspace
Security teams monitoring identity patterns need Azure AD sign-in and audit logs flowing into Sentinel for threat detection.
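```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";

// Attach the Azure AD data connector to an existing Sentinel workspace.
const aadDataConnector = new azure_native.securityinsights.AADDataConnector("aadDataConnector", {
    dataConnectorId: "c345bf40-8509-4ed2-b947-50cb773aaf04",
    // kind must be AzureActiveDirectory for this connector type.
    kind: "AzureActiveDirectory",
    resourceGroupName: "myRg",
    workspaceName: "myWorkspace",
});
```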
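```python
import pulumi
import pulumi_azure_native as azure_native

# Attach the Azure AD data connector to an existing Sentinel workspace.
aad_data_connector = azure_native.securityinsights.AADDataConnector("aadDataConnector",
    data_connector_id="c345bf40-8509-4ed2-b947-50cb773aaf04",
    kind="AzureActiveDirectory",  # must be AzureActiveDirectory for this connector type
    resource_group_name="myRg",
    workspace_name="myWorkspace")
```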
```go
package main

import (
	securityinsights "github.com/pulumi/pulumi-azure-native-sdk/securityinsights/v3"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Attach the Azure AD data connector to an existing Sentinel workspace.
		_, err := securityinsights.NewAADDataConnector(ctx, "aadDataConnector", &securityinsights.AADDataConnectorArgs{
			DataConnectorId: pulumi.String("c345bf40-8509-4ed2-b947-50cb773aaf04"),
			// Kind must be AzureActiveDirectory for this connector type.
			Kind:              pulumi.String("AzureActiveDirectory"),
			ResourceGroupName: pulumi.String("myRg"),
			WorkspaceName:     pulumi.String("myWorkspace"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
```
```csharp
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;

return await Deployment.RunAsync(() =>
{
    // Attach the Azure AD data connector to an existing Sentinel workspace.
    var aadDataConnector = new AzureNative.SecurityInsights.AADDataConnector("aadDataConnector", new()
    {
        DataConnectorId = "c345bf40-8509-4ed2-b947-50cb773aaf04",
        // Kind must be AzureActiveDirectory for this connector type.
        Kind = "AzureActiveDirectory",
        ResourceGroupName = "myRg",
        WorkspaceName = "myWorkspace",
    });
});
```
```java
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.securityinsights.AADDataConnector;
import com.pulumi.azurenative.securityinsights.AADDataConnectorArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // Attach the Azure AD data connector to an existing Sentinel workspace.
        var aadDataConnector = new AADDataConnector("aadDataConnector", AADDataConnectorArgs.builder()
            .dataConnectorId("c345bf40-8509-4ed2-b947-50cb773aaf04")
            // kind must be AzureActiveDirectory for this connector type.
            .kind("AzureActiveDirectory")
            .resourceGroupName("myRg")
            .workspaceName("myWorkspace")
            .build());
    }
}
```
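```yaml
resources:
  aadDataConnector:
    type: azure-native:securityinsights:AADDataConnector
    properties:
      dataConnectorId: c345bf40-8509-4ed2-b947-50cb773aaf04
      # kind must be AzureActiveDirectory for this connector type.
      kind: AzureActiveDirectory
      resourceGroupName: myRg
      workspaceName: myWorkspace
```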
The dataConnectorId uniquely identifies this connector instance within the workspace. The resourceGroupName and workspaceName properties bind the connector to a specific Sentinel workspace. Once created, Azure AD logs begin flowing to the workspace’s Log Analytics tables for querying and alerting.
Beyond these examples
This snippet focuses on workspace attachment and connector identification. It’s intentionally minimal rather than a complete security monitoring deployment.
The example references pre-existing infrastructure such as a Sentinel workspace in a resource group. It focuses on connector configuration rather than provisioning the workspace itself.
To keep things focused, common connector patterns are omitted, including:
- Data type filtering (dataTypes property)
- Cross-tenant connections (tenantId property)
- Connector state management (etag for concurrency)
These omissions are intentional: the goal is to illustrate how the connector is wired to a workspace, not provide a drop-in security module. See the AADDataConnector resource reference for all available configuration options.
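As an added example (not from the original page or the Pulumi project), here is the YAML program extended with the omitted tenantId and dataTypes properties. The project name and the aadTenantId config key are assumptions, and the dataTypes.alerts.state shape follows the provider's schema for this resource.

```yaml
name: sentinel-aad-connector        # assumed project name
runtime: yaml
config:
  # Assumed stack config key: the tenant whose Azure AD data is ingested.
  # Set it with `pulumi config set aadTenantId <tenant-guid>` so the value
  # is explicit and reviewable rather than hard-coded in the program.
  aadTenantId:
    type: string
resources:
  aadDataConnector:
    type: azure-native:securityinsights:AADDataConnector
    properties:
      # Immutable: changing any of these three recreates the connector.
      dataConnectorId: c345bf40-8509-4ed2-b947-50cb773aaf04
      resourceGroupName: myRg
      workspaceName: myWorkspace
      kind: AzureActiveDirectory
      # Cross-tenant scenario: pin the source tenant explicitly.
      tenantId: ${aadTenantId}
      # Data type filtering: enable the alerts data type for this connector.
      dataTypes:
        alerts:
          state: Enabled
outputs:
  # Resource ID of the connector, in the same format used for import.
  connectorId: ${aadDataConnector.id}
```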
Frequently Asked Questions
Configuration & Setup
Required properties: dataConnectorId, resourceGroupName, and workspaceName. The kind property must be set to AzureActiveDirectory. The tenantId and dataTypes properties are optional.
The kind property must be set to AzureActiveDirectory for this connector type.
Immutability & Updates
The dataConnectorId, resourceGroupName, and workspaceName properties are immutable. Changing any of these requires recreating the resource.
Import & Migration
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.OperationalInsights/workspaces/{workspaceName}/providers/Microsoft.SecurityInsights/dataConnectors/{dataConnectorId}