Enable Log access from managing tenant

Benjamin Graus 11 Reputation points
2022-03-10T07:07:48.133+00:00

Hi,

anyone of you tried to access LAW of customers from the managing tenant?
Our managing tenant does not have a subscription itself, so we tried to add the service principals like described here:
https://video2.skills-academy.com/en-us/azure/lighthouse/how-to/monitor-at-scale#create-log-analytics-workspaces

We received the error: 

*New-AzADServicePrincipal: Scope '/subscriptions' should have even number of parts.*

We were able to set it like this: 

*New-AzADServicePrincipal -ApplicationId 1215fb39-1d15-4c05-b2e3-d519ac3feab4 -Role Contributor -Scope "/subscriptions/*"*

But we still cannot access the logs of the customers.

Error:

To run this query, register resource provider 'Microsoft.Insights' for this subscription
Register resource provider 'Microsoft.Insights' for this subscription to enable this query

Anyone of you have seen this?

Thanks

Regards,
Ben

Azure Lighthouse
Azure Lighthouse
An Azure service that provides secure managed services and access control for partners and customers.
71 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andrew Blumhardt 9,831 Reputation points Microsoft Employee
    2022-03-10T12:43:24.027+00:00

    The instructions are a bit confusing.

    I think you need to register the provider first using the following instructions. You are trying to create service principals for App IDs that do not yet exist. https://video2.skills-academy.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider