Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Enhance your career with this limited time 50% discount on Fabric and Power BI exams. Ends August 31st. Request your voucher.

Reply
Danfountain
Helper I
Helper I

Copy Data from Log Analytics into fabric

‎08-08-2025 02:54 AM

Hi all,

 

I am really struggling with trying to get data from Log Analytics into Fabric (for consuming with other auditing logs from other sources).

 

I kind of managed to get it running but the Authentication is causing some issues.  I have a Power BI gateway to connect to sources.  Where as the service account I use to connect to SQL doesnt prompt MFA, the same service account when connecting to the Log Analytics is then triggering MFA which I cannot set up as its a service account.  Therefore I am temporarily using my own account but I think the MFA is timing out after a couple of days.

 

Whats the easiest way to get data from Log Analytics automatically on a daily basis?  I just cannot seem to work it out.  Happy to use any of the data factory toolset (I am currently a Data Flow Gen 2).

 

Dan

Labels:
Message 1 of 4
172 Views
0
1 ACCEPTED SOLUTION
v-tsaipranay
Community Support
Community Support

‎08-08-2025 04:52 AM

Hi @Danfountain ,

Thank you for reaching out to the Microsoft fabric community forum. 

 

The issue occurs because MFA is triggered when a service account connects to Log Analytics, which interrupts your automated daily data ingestion into Fabric. Using a personal account as a workaround isn’t recommended, as token expiration causes ongoing failures.

A more effective solution is to use an Azure App Registration (service principal) with client credentials (client ID and secret or certificate). This approach avoids MFA and is designed for automated, non-interactive scenarios. Assign the service principal the Log Analytics Reader role on the workspace and use the Azure Monitor REST API to query data securely.

 

In Microsoft Fabric, you can set this up with Dataflow Gen2 using the Web API connector, or create a Data Pipeline with a Copy activity to call the Log Analytics API. This allows your pipeline to run automatically on schedule.

Hope this helps. Please reach out for further assistance.

 

Thank you.

View solution in original post

Message 2 of 4
151 Views
0
3 REPLIES 3
v-tsaipranay
Community Support
Community Support

‎08-08-2025 04:52 AM

Hi @Danfountain ,

Thank you for reaching out to the Microsoft fabric community forum. 

 

The issue occurs because MFA is triggered when a service account connects to Log Analytics, which interrupts your automated daily data ingestion into Fabric. Using a personal account as a workaround isn’t recommended, as token expiration causes ongoing failures.

A more effective solution is to use an Azure App Registration (service principal) with client credentials (client ID and secret or certificate). This approach avoids MFA and is designed for automated, non-interactive scenarios. Assign the service principal the Log Analytics Reader role on the workspace and use the Azure Monitor REST API to query data securely.

 

In Microsoft Fabric, you can set this up with Dataflow Gen2 using the Web API connector, or create a Data Pipeline with a Copy activity to call the Log Analytics API. This allows your pipeline to run automatically on schedule.

Hope this helps. Please reach out for further assistance.

 

Thank you.

Message 2 of 4
152 Views
0
Danfountain
Helper I
Helper I
In response to v-tsaipranay

‎08-08-2025 05:07 AM

Thank you for that.  Marked as accepted but still have a question.

 

The same service account that the MFA is popping up for - doesnt have the same issue when connecting to Azure SQL servers.  Why is the MFA only a problem for this and not for SQL on the same account?

Message 3 of 4
148 Views
0
v-tsaipranay
Community Support
Community Support
In response to Danfountain

Monday

Hi @Danfountain ,

 

The difference in MFA behavior is because your organization's Conditional Access policies in Microsoft Entra ID are set up differently for each service. MFA can be required depending on the Azure service, the application, or the authentication method. For instance, your Azure SQL connection may use SQL authentication or a trusted network that skips CA rules, while Log Analytics uses Azure AD authentication and might have a policy that specifically requires MFA for that endpoint.

To verify this, you should work with your Azure AD administrator to review the Conditional Access policies for the service account and see if there is a policy targeting Log Analytics or the Azure portal/API. Adjusting these policies or using an App Registration with client credentials could help bypass MFA for automated, non-interactive connections.

Hope this helps. Please reach out for further assistance.

 

Thank you.

Message 4 of 4
72 Views
0

Helpful resources

Announcements
Fabric July 2025 Monthly Update Carousel

Fabric Monthly Update - July 2025

Check out the July 2025 Fabric update to learn about new features.

August 2025 community update carousel

Fabric Community Update - August 2025

Find out what's new and trending in the Fabric community.

View All