You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Microsoft Sentinel UEBA - there is a reference to not having any resource locks applied to the workspace. The link refers back to this page but I have not been able to find any documentation on this page about Microsoft Sentinel, UEBA and Resource Locks. Here is the url https://docs.microsoft.com/en-us/azure/sentinel/enable-entity-behavior-analytics and here is what it says: Your workspace must not have any Azure resource locks applied to it. Learn more about Azure resource locking. It needs to be prominently put on the Resource Locks page as something not to do if you would like to enable UEBA.
Copy file name to clipboardExpand all lines: articles/azure-resource-manager/management/lock-resources.md
+2Lines changed: 2 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,6 +58,8 @@ Applying locks can lead to unexpected results because some operations that don't
58
58
59
59
- A cannot-delete lock on a **resource group** prevents **Azure Machine Learning** from autoscaling [Azure Machine Learning compute clusters](../../machine-learning/concept-compute-target.md#azure-machine-learning-compute-managed) to remove unused nodes.
60
60
61
+
- A read-only lock on a log analytics workspace will prevent **User and Entity Behavior Analytics (UEBA)** from being enabled.
62
+
61
63
- A read-only lock on a **subscription** prevents **Azure Advisor** from working correctly. Advisor is unable to store the results of its queries.
62
64
63
65
- A read-only lock on an **Application Gateway** prevents you from getting the backend health of the application gateway. That [operation uses POST](/rest/api/application-gateway/application-gateways/backend-health), which is blocked by the read-only lock.
0 commit comments