Share via

Unable to enable intelligence pack in Log Analytics workspace error while linking to defender for IoT

Arjun Sivasree 60 Reputation points
2025-02-14T08:42:28.9533333+00:00

Hello everyone,

Context

To understand how defender for IoT for device builders work, I am linking log analytics workspace to the defender for IoT as per this document

I followed the MS instructions to setup resource provider and access control for log analytics workspace.

Then I went to enable Defender for iot --> settings --> data collection to link the log analytics workspace.

Challenge

I am facing the following error

FailedDependency

Unable to enable intelligence pack in Log Analytics workspace '/subscriptions/.../providers/microsoft.operationalinsights/workspaces/law-defender-for-iot', please make sure to grant the required permissions to access the Defender for IoT experience.

Would need the community's help to understand If I missed giving any access permissions for this attachment to succeed or what to do to solve this or any leads would help?

Thanks

Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,247 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sampath 510 Reputation points Microsoft External Staff
    2025-02-19T12:07:06.8533333+00:00

    Hello @Arjun Sivasree,

    I’m glad you were able to resolve your issue, and I appreciate you sharing the solution! This will be helpful for others facing a similar problem. Since the Microsoft Q&A community has a policy that “The question author cannot accept their own answer. They can only accept answers by others,” I’m reposting your solution in case you’d like to accept the answer.

    Solution:

    After investigating the issue, I found that Defender for IoT was attempting to enable the “Security” intelligence pack in the Log Analytics workspace but was failing to add it.

    By checking the activity logs of the Log Analytics workspace, I identified the missing intelligence packs and was able to enable them using Azure CLI commands.

    Here’s what worked:

    Steps to Resolve:

    1. Check Activity Logs – Identify the intelligence pack that Defender for IoT is trying to enable.
    2. Enable the Required Intelligence Packs using the following CLI commands: 
         az login --identity
   
   az account set --subscription "<subid>"
   
   az monitor log-analytics workspace pack enable --name AzureSecurityOfThings --resource-group <resource-group-name> --workspace-name <workspace-name>
   
   az monitor log-analytics workspace pack enable --name Security --resource-group <resource-group-name> --workspace-name <workspace-name>
    3. Ensure Both Security Packs Are Enabled – In my case, I had to enable both "AzureSecurityOfThings" and "Security".

    Once these were enabled, the issue was resolved, and the Log Analytics workspace successfully linked with Defender for IoT.

    Hope this helps others facing the same challenge!

    If the answer is helpful, please click Accept Answer and kindly upvote it so that other people who faces similar issue may get benefitted from it.
    accept

    1 person found this answer helpful.
    0 comments
  2. Arjun Sivasree 60 Reputation points
    2025-02-24T17:50:45.3933333+00:00

    Ok. I got this to work finally.

    I checked the activity logs of logs analytics workspace and found the intelligence pack that defender for IoT was trying to enable.

    Highlighting points 2 and 3 in the image, you can see that defender started to enable intelligence pack "Security" but was failing to add it.

    issues_resolution_intelligence_pack

    Adding the same using the CLI commands given in below helped solve the issues.

    az login --identity

az account set --subscription "<subid>"

az monitor log-analytics workspace pack enable --name AzureSecurityOfThings --resource-group <resource-group-name> --workspace-name <workspace-name>

az monitor log-analytics workspace pack enable --name Security --resource-group <resource-group-name> --workspace-name <workspace-name>

    So, in total, I added 2 security packs: "AzureSecurityOfThings" and "Security".

    Thanks for helps folks.

    1 person found this answer helpful.
  3. Alex Burlachenko 1,665 Reputation points
    2025-02-19T12:20:01.1533333+00:00

    Hey, the classic "FailedDependency" error Azure’s way of saying, "I’m not mad, just disappointed lol" Sounds like you’ve done the groundwork with the resource provider and access control, but Defender for IoT is being a bit fussy. Double-check if you’ve given the Defender for IoT service the right permissions on the Log Analytics workspace. It needs at least Contributor or Log Analytics Contributor to enable the intelligence pack. Also, make sure the workspace isn’t locked down with any sneaky resource locks or network restrictions. If all else fails, try the old IT mantra: "Have you tried turning it off and on again?" (Or, in Azure terms, re-linking the workspace.) Let me know if you crack it or if Azure wins this round. Cheers! Alex

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.