https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/537133#M167 <P><SPAN>Panorama&nbsp;</SPAN><BR />OS version 10.1.x&nbsp;&nbsp;<BR />Azure plugin 3.1</P><P>&nbsp;</P><P>I can the below error, when trying to validate Service Principle&nbsp;</P><P>&nbsp;</P><P><SPAN>Failed to validate credentials with error - Failed to validated Azure Monitoring permissions and Deployment permissions. Error: Failed to validate monitoring permissions. Error: Missing permission for &amp;#39;Microsoft.Compute/virtualMachines/read&amp;#39;, please update service principal.</SPAN></P><P>&nbsp;</P><P><SPAN>Azure App is set with "reader"&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Can anyone explain more what to check or what the problem could be ?</SPAN></P> Thu, 30 Mar 2023 17:42:02 GMT CStorrar 2023-03-30T17:42:02Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/404273#M66 <P>While setting up the Service Principal on Panorama Plugin for Azure, even though the IAM role of reader seems to be properly defined in Azure we get this error message during the validation phase:</P><P><FONT face="courier new,courier">ERROR: Validation of #######-####-####-############ failed with msg Failed to validate credentials with error - Failed to validated Azure Monitoring permissions and Deployment permissions. Error: Failed to validate monitoring permissions. Error: Missing permission for 'Microsoft.Compute/virtualMachines/read', please update service principal.</FONT></P><P>Any ideea what else might cause this? Most probably is something very simple we are missing but we run out of troubleshooting leads now and any suggestion will be highly appreciated.</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 30 Apr 2021 16:34:56 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/404273#M66 cezarb 2021-04-30T16:34:56Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/476254#M130 <P>Having the same issue, did you ever resolve this?</P> Mon, 28 Mar 2022 10:42:15 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/476254#M130 MichaelBredell 2022-03-28T10:42:15Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/476608#M131 <P>Yes, I'm having this issue as well and have a TAC case open, but so far no luck - please post if you find a solution!</P> Tue, 29 Mar 2022 14:19:04 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/476608#M131 Blake_Wofford 2022-03-29T14:19:04Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/480140#M135 <DIV>PLUG-7780 -&nbsp;<SPAN>When the monitoring definition service principle for VM monitoring in Azure is configured correctly on the Panorama plugin for Azure 3.0.x with PAN-OS 10.0.x, the service principal validation check displays as failed under</SPAN><SPAN>&nbsp;</SPAN></DIV><DIV class=""><DIV><DIV>Panorama &gt; Azure &gt;&nbsp;Setup &gt; Service Principal</DIV></DIV>.</DIV><P>Please find the list of actions/permissions required to support monitoring for the Azure 3.0.1 plugin below:</P><P>&nbsp;</P><P>The list of permissions required to enable monitoring are as below:</P><P>"actions": [<BR />"Microsoft.Compute/virtualMachines/read",<BR />"Microsoft.Network/networkInterfaces/read",<BR />"Microsoft.Network/virtualNetworks/read",<BR />"Microsoft.Network/locations/serviceTags/read",<BR />"Microsoft.Network/loadBalancers/read",<BR />"Microsoft.Resources/subscriptions/resourcegroups/read",<BR />"Microsoft.Network/publicIPAddresses/read"<BR />]</P><P>&nbsp;</P><P>With these permissions assigned to a service principal, validation will fail but the monitoring functionality is not affected and the 3.0.1 plugin will continue to function as designed.</P> Wed, 13 Apr 2022 10:21:01 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/480140#M135 dmaynard 2022-04-13T10:21:01Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/537133#M167 <P><SPAN>Panorama&nbsp;</SPAN><BR />OS version 10.1.x&nbsp;&nbsp;<BR />Azure plugin 3.1</P><P>&nbsp;</P><P>I can the below error, when trying to validate Service Principle&nbsp;</P><P>&nbsp;</P><P><SPAN>Failed to validate credentials with error - Failed to validated Azure Monitoring permissions and Deployment permissions. Error: Failed to validate monitoring permissions. Error: Missing permission for &amp;#39;Microsoft.Compute/virtualMachines/read&amp;#39;, please update service principal.</SPAN></P><P>&nbsp;</P><P><SPAN>Azure App is set with "reader"&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Can anyone explain more what to check or what the problem could be ?</SPAN></P> Thu, 30 Mar 2023 17:42:02 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/537133#M167 CStorrar 2023-03-30T17:42:02Z https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/997842#M192 <P>Good afternoon, I have the same issue and I read that the application should have the "Reader" role. Is this correct? Could you please guide me on how to grant those permissions from the Azure portal?</P> Wed, 11 Dec 2024 19:32:43 GMT https://live.paloaltonetworks.com/t5/integration-discussions/service-principal-issues-on-panorama-plugin-for-azure/m-p/997842#M192 agagliardi 2024-12-11T19:32:43Z