Manual Azure Onboarding Fail


L0 Member

Hi,
after carrying out all the steps reported in the official guide, Azure onboarding fails.
Part of the error is as follows:
Prisma Cloud application is not assigned following action(s): ["Microsoft.Logic/integrationAccounts/read", "Microsoft.Insights/actionGroups/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.RecoveryServices/Vaults/ read", "Microsoft.Sql/servers/administrators/read", "Microsoft.Network/networkSecurityGroups/securityRules/read", "Microsoft.Authorization/classicAdministrators/read", "Microsoft.Network/networkWatchers/securityGroupView/action", " Microsoft.Quantum/Workspaces/Read", "Microsoft.StorageSync/storageSyncServices/privateLinkResources/read", "Microsoft.Sql/servers/databases/transparentDataEncryption/read"


If I use the Terraform script instead, everything works correctly.
In the manual procedure I also tried to use the custom role that the Terraform script creates, which has all the permissions inside (including those above).

What can I do to understand the problem on Azure?

Thank you
Dario

1 REPLY 1

L2 Linker

Hello DSarnelli,

 

Thank you for your question.

 

Prisma Cloud allows you to add Azure permissions manually or via a Terraform script.

One thing to keep in mind: if you add permissions manually and the cloud account onboarded is a Subscription, you would need to add the permissions at the Subscription level (IAM).

If you onboarded an Azure Tenant, the permissions would need to be added at the Tenant Root Group (IAM). So even if the Prisma app contains the permissions at the Subscription level, you will still see missing permissions, as these permissions need to be added at the Tenant Root Group.

 

Hope this helps.

 

Regards,
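
The scope rule described in the reply, as an added example that is not part of the original thread and not Prisma Cloud's own code: it checks which required actions are effective at the onboarded scope, given role assignments and role definitions. The scope IDs, the role name `prisma-custom-role` and the dictionary layout are constructed assumptions; the four actions are taken from the error quoted in the question.

```python
import re

# Constructed placeholder scopes (not values from the thread).
TENANT_ROOT = "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000"
SUBSCRIPTION = "/subscriptions/11111111-1111-1111-1111-111111111111"
# Four of the actions named in the error quoted in the question.
REQUIRED = [
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Network/networkWatchers/securityGroupView/action",
    "Microsoft.Sql/servers/administrators/read",
    "Microsoft.Quantum/Workspaces/Read",
]
# Hypothetical custom role; the wildcard and the lowercase entry are deliberate.
ROLES = {
    "prisma-custom-role": {
        "actions": ["Microsoft.Network/networkSecurityGroups/read",
                    "Microsoft.Network/networkWatchers/securityGroupView/action",
                    "Microsoft.Sql/servers/*/read",
                    "microsoft.quantum/workspaces/read"],
        "notActions": [],
    },
}

def action_matches(pattern, action):
    """Azure action strings are case-insensitive; '*' matches any run of characters."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def scope_covers(assignment_scope, target_scope, target_ancestors=()):
    """True if an assignment made at assignment_scope is inherited at target_scope."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    if t == a or t.startswith(a + "/"):
        return True
    # Management groups above the target must be supplied by the caller.
    return a in (s.rstrip("/").lower() for s in target_ancestors)

def missing_actions(required, assignments, roles, target_scope, target_ancestors=()):
    """Required actions not granted by any assignment effective at target_scope."""
    effective = [roles[x["role"]] for x in assignments
                 if scope_covers(x["scope"], target_scope, target_ancestors)]
    def granted(action):
        return any(any(action_matches(p, action) for p in r["actions"])
                   and not any(action_matches(p, action) for p in r["notActions"])
                   for r in effective)
    return [a.strip() for a in required if not granted(a.strip())]

if __name__ == "__main__":
    at_sub = [{"role": "prisma-custom-role", "scope": SUBSCRIPTION}]
    for target in (SUBSCRIPTION, TENANT_ROOT):
        print(target, missing_actions(REQUIRED, at_sub, ROLES, target))
```

With the role assigned only at the subscription, the check passes for a subscription onboarding and reports every action missing for a tenant onboarding, which is the situation the reply describes.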
