Problem
When trying to provision azurerm_sentinel_data_connector_threat_intelligence, you may get the error below:
Error: creating Data Connector: (Name "example" / Workspace Name "example-workspace" / Resource Group "example-rg"): securityinsight.DataConnectorsClient#CreateOrUpdate: Failure responding to request: StatusCode=401 -- Original Error: autorest/azure: Service returned an error. Status=401 Code="Unauthorized" Message="Access denied"
Cause
This error is caused by a permission issue with the account that is being used to provision these resources.
To provision the Threat Intelligence Platforms connector, the account used must have:
- Read/Write permissions on the workspace; the Microsoft Sentinel Contributor role should cover these requirements.
- Tenant-level permissions, either Global Administrator or Security Administrator.
Solution
- Give at least the Security Administrator rights to the service principal/account used to provision the resource.
- Give the contributor rights to the service principal/account over the Sentinel workspace.
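The two grants above can themselves be expressed in Terraform. The configuration below is an added example, not part of the original article or HashiCorp's own code. The variable name and resource labels are hypothetical, the workspace names are taken from the error message, and the workspace role used is the Microsoft Sentinel Contributor role named under Cause.

```hcl
# Added example; variable name and resource labels are hypothetical.
# Apply this with an identity that is already allowed to assign roles:
# the principal that receives the 401 cannot grant these rights to itself.

variable "pipeline_sp_object_id" {
  description = "Object ID of the service principal that provisions the connector (assumed input)"
  type        = string
}

# Workspace named in the error message; it must already exist.
data "azurerm_log_analytics_workspace" "sentinel" {
  name                = "example-workspace"
  resource_group_name = "example-rg"
}

# Read/write on the workspace: Microsoft Sentinel Contributor, scoped to the
# workspace itself rather than the resource group or subscription.
resource "azurerm_role_assignment" "sentinel_contributor" {
  scope                = data.azurerm_log_analytics_workspace.sentinel.id
  role_definition_name = "Microsoft Sentinel Contributor"
  principal_id         = var.pipeline_sp_object_id
}

# Tenant-level permission: activate the Security Administrator directory
# role and assign it to the same principal (azuread provider).
resource "azuread_directory_role" "security_admin" {
  display_name = "Security Administrator"
}

resource "azuread_directory_role_assignment" "pipeline_security_admin" {
  role_id             = azuread_directory_role.security_admin.template_id
  principal_object_id = var.pipeline_sp_object_id
}
```

Security Administrator applies across the whole tenant, so a service principal dedicated to this deployment keeps that privilege away from general-purpose pipelines.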
Outcome
Once the required permission is given to the account/service principal used to provision the resource, the azurerm_sentinel_data_connector_threat_intelligence should get provisioned successfully.
Note: If you continue to experience issues, please contact HashiCorp Support.