https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/manual-azure-onboarding-fail/m-p/560028#M1067 <P>HI,<BR />after carrying out all the steps reported in the official guide, Azure onboarding fails.<BR />Part of the error is as follows:<BR />Prisma Cloud application is not assigned following action(s): ["Microsoft.Logic/integrationAccounts/read", "Microsoft.Insights/actionGroups/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.RecoveryServices/Vaults/ read", "Microsoft.Sql/servers/administrators/read", "Microsoft.Network/networkSecurityGroups/securityRules/read", "Microsoft.Authorization/classicAdministrators/read", "Microsoft.Network/networkWatchers/securityGroupView/action", " Microsoft.Quantum/Workspaces/Read", "Microsoft.StorageSync/storageSyncServices/privateLinkResources/read", "Microsoft.Sql/servers/databases/transparentDataEncryption/read"</P> <P><BR />If I use the terraform script instead, everything works correctly.<BR />In the manual procedure I also tried to use the custom role, which creates the terraform script where there are all the permissions inside (including those above)</P> <P>What can I do to understand the problem on Azure?</P> <P>Thank you<BR />Dario</P> Fri, 29 Sep 2023 12:31:37 GMT DSarnelli 2023-09-29T12:31:37Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/manual-azure-onboarding-fail/m-p/560028#M1067 <P>HI,<BR />after carrying out all the steps reported in the official guide, Azure onboarding fails.<BR />Part of the error is as follows:<BR />Prisma Cloud application is not assigned following action(s): ["Microsoft.Logic/integrationAccounts/read", "Microsoft.Insights/actionGroups/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.RecoveryServices/Vaults/ read", "Microsoft.Sql/servers/administrators/read", "Microsoft.Network/networkSecurityGroups/securityRules/read", "Microsoft.Authorization/classicAdministrators/read", "Microsoft.Network/networkWatchers/securityGroupView/action", " Microsoft.Quantum/Workspaces/Read", "Microsoft.StorageSync/storageSyncServices/privateLinkResources/read", "Microsoft.Sql/servers/databases/transparentDataEncryption/read"</P> <P><BR />If I use the terraform script instead, everything works correctly.<BR />In the manual procedure I also tried to use the custom role, which creates the terraform script where there are all the permissions inside (including those above)</P> <P>What can I do to understand the problem on Azure?</P> <P>Thank you<BR />Dario</P> Fri, 29 Sep 2023 12:31:37 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/manual-azure-onboarding-fail/m-p/560028#M1067 DSarnelli 2023-09-29T12:31:37Z https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/manual-azure-onboarding-fail/m-p/560979#M1075 <P>Hello&nbsp;<A id="link_9" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/319377" target="_self" aria-label="View Profile of DSarnelli"><SPAN class="">DSarnelli</SPAN></A>,</P> <P>&nbsp;</P> <P>Thank you for your question.</P> <P>&nbsp;</P> <P>Prisma Cloud allows you to add an Azure permissions Manually or via Terraform Script.</P> <P>One thing to keep in mind, if you do add permissions manually, please note that if the Cloud account onboarded is a Subscription. You would need to add the permission at the Subscription level (IAM).&nbsp;</P> <P>&nbsp;</P> <P>If you onboarded a Azure Tenant, the permissions would need to be added ad the Tenant Root Group (IAM). So even if the Prisma App contains the permissions at the Subscription level. You will still see missing permission as these permissions need to bee added at the Tenant Root Group.</P> <P>&nbsp;</P> <P>Hope this helps.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 09 Oct 2023 18:52:32 GMT https://live.paloaltonetworks.com/t5/prisma-cloud-discussions/manual-azure-onboarding-fail/m-p/560979#M1075 BCastillo 2023-10-09T18:52:32Z