How to Manually Add Missing Prisma Cloud Role Permissions in Azure to Resolve Amber Cloud Account Status

Created On 06/10/22 22:25 PM - Last Modified 04/05/24 23:15 PM


Objective


In this how-to, you will learn how to manually add missing Prisma Cloud role permissions in Azure to resolve an amber cloud account status.

Environment


  • Microsoft Azure 
  • Prisma Cloud


Procedure


If you notice that your Azure cloud account is signaling an amber status, it could be because of missing permissions. 

Prisma Cloud and Microsoft Azure update permissions periodically according to new releases.
This may require the customer to manually update their permissions.  

Please follow the steps below to remediate the issue:
  • Prisma Cloud > Settings > Cloud Accounts > Edit Cloud Account
  1. Sign in to your Azure Console and go to Management Groups > Click on Tenant Root Group
    • If you have onboarded a single Azure Subscription, select the subscription.
    • Ensure that you have global administrator permissions.
  2. Click on Access Control (IAM) > Click on + Add > Add Custom Role
  3. Give the custom role a name and select "Next."
  4. On the Permissions screen, select Add Permissions and search for your missing permissions.
    • If adding multiple permissions, they will have to be added one at a time.
    • Some common ones are the following:
      • Microsoft.Network/networkWatchers/securityGroupView/action
      • Microsoft.Network/virtualwans/vpnconfiguration/action
      • Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action
  5. Once added, hit next, confirm the assignable scopes, and hit "Next."
  6. Review and confirm the JSON. If it looks good, hit "Next."
  7. On the next screen, verify that all the information is correct and hit "Create."
  8. Once the custom role is created, you can add the role assignment to the Prisma Cloud app under Management Groups > Tenant Root Group > Access Control (IAM) > Add Role Assignment
  9. Search for the role you created and hit "Next."
  10. Select + Members, search for the Prisma Cloud app, select "Next," and then select "Review + Assign."
  11. Once the permission is added, wait at least 4 hours to see if the error goes away in Prisma Cloud.
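
The same procedure can be scripted with the Azure CLI instead of the portal. The following is an added example, not part of the original article or vendor code: it builds the custom role JSON you would otherwise review in the portal, then defines (but does not run) the create and assign commands. The role name, the `<management-group-id>` placeholder, the `PRISMA_APP_ID` variable, and the wildcard guard are assumptions introduced for illustration.

```sh
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps (not vendor code).
ROLE_NAME="prisma-cloud-missing-permissions"   # hypothetical role name
# Placeholder scope: substitute your management group ID (or a subscription scope).
SCOPE="/providers/Microsoft.Management/managementGroups/<management-group-id>"

# The three permissions the article lists as commonly missing.
MISSING_ACTIONS='Microsoft.Network/networkWatchers/securityGroupView/action
Microsoft.Network/virtualwans/vpnconfiguration/action
Microsoft.Network/networkInterfaces/effectiveNetworkSecurityGroups/action'

# Added guard (assumption, not from the article): accept only one explicit
# operation per entry, so a wildcard cannot widen the role by accident.
valid_action() {
  case "$1" in
    ''|*'*'*|*' '*) return 1 ;;
    Microsoft.*/*/*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the custom role JSON: $1 = role name, $2 = scope, $3 = actions (one per line).
build_role_json() {
  list=""
  while IFS= read -r a; do
    valid_action "$a" || { echo "refusing action: '$a'" >&2; return 1; }
    list="${list:+$list, }\"$a\""
  done <<EOF
$3
EOF
  printf '{\n  "Name": "%s",\n  "IsCustom": true,\n' "$1"
  printf '  "Description": "Permissions reported missing by Prisma Cloud",\n'
  printf '  "Actions": [%s],\n  "NotActions": [],\n' "$list"
  printf '  "AssignableScopes": ["%s"]\n}\n' "$2"
}

# Create the role and assign it. Requires a signed-in Azure CLI, so it is
# defined here but never called automatically. PRISMA_APP_ID is a hypothetical
# variable holding the application (client) ID of your Prisma Cloud app.
apply_role() {
  build_role_json "$ROLE_NAME" "$SCOPE" "$MISSING_ACTIONS" > role.json || return 1
  az role definition create --role-definition @role.json
  az role assignment create --assignee "$PRISMA_APP_ID" \
    --role "$ROLE_NAME" --scope "$SCOPE"
}

# Stand-alone run: print the JSON to compare with the portal's review screen.
build_role_json "$ROLE_NAME" "$SCOPE" "$MISSING_ACTIONS"
```

Run the script as-is to inspect the JSON, then call `apply_role` from a shell where `az login` has completed and `PRISMA_APP_ID` is set.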


Additional Information


  • Prisma Cloud periodically requires new permissions based on new releases. Release Notes can be seen here

