Microsoft Sentinel relies on api.loganalytics.io, which is the documented API endpoint for Azure's Log Analytics. An example of issued request is the following one:
POST https://api.loganalytics.io/v1/subscriptions/REDACTED/resourceGroups/REDACTED/providers/Microsoft.OperationalInsights/workspaces/REDACTED/metadata?select=categories,solutions,tables,workspaces
The api.loganalytics.io domain is however indirectly blocked as it is a CNAME for api.monitor.azure.com which is on the block-list.
Microsoft Sentinel relies on
api.loganalytics.io, which is the documented API endpoint for Azure's Log Analytics. An example of issued request is the following one:The
api.loganalytics.iodomain is however indirectly blocked as it is a CNAME forapi.monitor.azure.comwhich is on the block-list.This causes Azure to break.
While I have added an exception for it, it might be worth considering whether the
api.monitor.azure.comblock is intentional.