Microsoft Sentinel relies on api.loganalytics.io, which is the documented API endpoint for Azure's Log Analytics. An example of issued request is the following one:
POST https://api.loganalytics.io/v1/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.OperationalInsights/workspaces/REDACTED/metadata?select=categories,solutions,tables,workspaces
The api.loganalytics.io domain is however indirectly blocked as it is a CNAME for api.monitor.azure.com which is on the block-list.
Microsoft Sentinel relies on
api.loganalytics.io
, which is the documented API endpoint for Azure's Log Analytics. An example of issued request is the following one:The
api.loganalytics.io
domain is however indirectly blocked as it is a CNAME forapi.monitor.azure.com
which is on the block-list.This causes Azure to break.![image](https://github.com/lightswitch05/hosts/assets/46688461/db83f8c8-d9bc-4298-99f0-e3f9c6464a0b)
While I have added an exception for it, it might be worth considering whether the
api.monitor.azure.com
block is intentional.