Prisma Cloud: Error pertaining to Missing Data Action(s) for "Microsoft.KeyVault/vaults/keys/unwrap/action" and "Microsoft.KeyVault/vaults/keys/wrap/action" seen while Onboarding Azure Cloud Account in Prisma Cloud

Created On 07/11/23 15:35 PM - Last Modified 01/26/26 21:49 PM


Symptom


  • An error about missing Data Action(s) for "Microsoft.KeyVault/vaults/keys/unwrap/action" and "Microsoft.KeyVault/vaults/keys/wrap/action" appears while onboarding an Azure cloud account in Prisma Cloud.

GUI Path: Settings > Providers > Select cloud account > Amber status




Environment


  • Prisma Cloud 
  • Azure


Cause


  • The Key Vault permission error appears when the Data Actions named in the error are missing at the Tenant level.
  • The missing Data Actions are not supported for Custom Roles.
  • This is a limitation on the Azure side.


Resolution


  • Assign the 'Key Vault Crypto Service Encryption User' built-in role at the Tenant level; it includes the permissions mentioned above.
  • These permissions are also present in Prisma Cloud's static and dynamic Terraform templates.

Procedure to add the 'Key Vault Crypto Service Encryption User' Role:

  1. Navigate to Azure Tenant Root > IAM > Roles > search: Key Vault Crypto Service Encryption User
  2. Add the Prisma Cloud Account to the Key Vault Crypto Service Encryption User Role to resolve the issue with ingestion. The permissions are included in the Role.
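
To confirm the fix, the check below reports which of the two Data Actions are still ungranted for a set of role definitions. It is an added example, not Prisma Cloud or Azure code; the role JSON is constructed sample data and the custom role name is hypothetical.

```python
from fnmatch import fnmatchcase

# The two data actions named in the Prisma Cloud onboarding error.
REQUIRED = (
    "Microsoft.KeyVault/vaults/keys/unwrap/action",
    "Microsoft.KeyVault/vaults/keys/wrap/action",
)

def _matches(action, patterns):
    # Azure RBAC action strings are case-insensitive and may contain '*'.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_data_actions(role_definitions, required=REQUIRED):
    """Return the required data actions that none of the roles grants."""
    missing = []
    for action in required:
        # notDataActions only subtracts within its own permission block;
        # it does not cancel a grant coming from a different role.
        granted = any(
            _matches(action, perm.get("dataActions") or [])
            and not _matches(action, perm.get("notDataActions") or [])
            for role in role_definitions
            for perm in role.get("permissions", [])
        )
        if not granted:
            missing.append(action)
    return missing

# Constructed sample data in the shape of an Azure role definition.
CUSTOM_ROLE = {  # hypothetical custom role: control-plane actions only
    "roleName": "example-prisma-custom-role",
    "permissions": [{"actions": ["Microsoft.KeyVault/vaults/*"],
                     "dataActions": [], "notDataActions": []}],
}
BUILTIN_ROLE = {  # per the article, this role includes both data actions
    "roleName": "Key Vault Crypto Service Encryption User",
    "permissions": [{"actions": [],
                     "dataActions": list(REQUIRED), "notDataActions": []}],
}

if __name__ == "__main__":
    for label, roles in (("custom role only", [CUSTOM_ROLE]),
                         ("custom + built-in", [CUSTOM_ROLE, BUILTIN_ROLE])):
        print(label, "-> missing:", missing_data_actions(roles) or "none")
```

A wildcard under "actions" does not satisfy the check, because control-plane actions and Data Actions are evaluated separately.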

