Prisma 在无代理扫描后添加到 Azure 云的资源不会被删除

• 在日志中我们可以看到类似以下错误：

Account is missing permissions. target:"<Target_Name>" hub:"" region: <Region_Name>. <ID> is missing permissions: Microsoft.Resources/subscriptions/resourceGroups/write, Microsoft.Network/networkInterfaces/write, Microsoft.Network/networkInterfaces/delete, Microsoft.Network/networkInterfaces/join/action, Microsoft.Network/networkSecurityGroups/write, Microsoft.Network/networkSecurityGroups/delete, Microsoft.Network/networkSecurityGroups/join/action, Microsoft.Network/virtualNetworks/write, Microsoft.Network/virtualNetworks/delete, Microsoft.Network/virtualNetworks/subnets/join/action, Microsoft.Compute/disks/write, Microsoft.Compute/disks/delete, Microsoft.Compute/disks/beginGetAccess/action, Microsoft.Compute/snapshots/write, Microsoft.Compute/snapshots/delete, Microsoft.Compute/virtualMachines/write, Microsoft.Compute/virtualMachines/delete
DEBU  scanner.go:271 Skipping account "Azure CRI" due to missing permissions
DEBU  scanner.go:253 Failed to check account permissions. target:"<Target_Name>" hub:"" region: <Region_Name>. failed to check account permissions in credential "<Name>": googleapi: Error 403: Request had insufficient authentication scopes.

• Azure
• 无代理扫描
• 资源

• 缺少权限，这就是扫描完成后虚拟机未被删除的原因。
• 可能在通过 CSPM 入职期间启用了无代理扫描选项。

• 要使用无代理 Prisma，需要额外的删除权限，这也可以在 Prisma Onboarding 流程的入职模板中进行验证。Prisma cosole？设置？云帐户？编辑：配置帐户
• 要禁用无代理扫描：CSPM？设置？云帐户