after carrying out all the steps reported in the official guide, Azure onboarding fails.
Part of the error is as follows:
Prisma Cloud application is not assigned following action(s): ["Microsoft.Logic/integrationAccounts/read", "Microsoft.Insights/actionGroups/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.RecoveryServices/Vaults/ read", "Microsoft.Sql/servers/administrators/read", "Microsoft.Network/networkSecurityGroups/securityRules/read", "Microsoft.Authorization/classicAdministrators/read", "Microsoft.Network/networkWatchers/securityGroupView/action", " Microsoft.Quantum/Workspaces/Read", "Microsoft.StorageSync/storageSyncServices/privateLinkResources/read", "Microsoft.Sql/servers/databases/transparentDataEncryption/read"
If I use the terraform script instead, everything works correctly.
In the manual procedure I also tried to use the custom role, which creates the terraform script where there are all the permissions inside (including those above)
What can I do to understand the problem on Azure?
Thank you for your question.
Prisma Cloud allows you to add an Azure permissions Manually or via Terraform Script.
One thing to keep in mind, if you do add permissions manually, please note that if the Cloud account onboarded is a Subscription. You would need to add the permission at the Subscription level (IAM).
If you onboarded a Azure Tenant, the permissions would need to be added ad the Tenant Root Group (IAM). So even if the Prisma App contains the permissions at the Subscription level. You will still see missing permission as these permissions need to bee added at the Tenant Root Group.
Hope this helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!