Prisma Cloud Autoremediation rule failing for Azure Policy
Created On 11/14/25 19:53 PM - Last Modified 11/14/25 22:20 PM
Symptom
- Prisma Cloud auto-remediation rules fail for Azure Network Security Group policies.
- Manual remediation attempts fail with an authorization error.
Environment
- Prisma Cloud
- Alerts Auto Remediation
- Azure Policy
Cause
- The root cause was insufficient permissions in Azure: the role assigned to the Azure subscription/application was missing the 'Microsoft.Network/networkSecurityGroups/securityRules/write' permission.
- Additionally, the 'Remediation' option in the Prisma Cloud Cloud Account settings was not enabled, which indicates that the necessary permissions were not configured during the initial onboarding.
Resolution
- Add the missing 'Microsoft.Network/networkSecurityGroups/securityRules/write' permission to the role assigned to the Azure subscription/application.
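To confirm the cause before and after the change, the following added example (not Palo Alto Networks or Microsoft code) checks whether a role definition grants the permission, applying Azure RBAC's rule that effective permissions are actions minus notActions, with `*` wildcards. It assumes input shaped like the output of `az role definition list --name "<role name>" --output json`; the role names and sample data are constructed.

```python
import json
import re

REQUIRED = "Microsoft.Network/networkSecurityGroups/securityRules/write"

def _matches(pattern, action):
    """Azure RBAC action strings allow '*' wildcards; compared case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def role_grants(role, action=REQUIRED):
    """True if a permissions block allows `action` and does not exclude it."""
    for perm in role.get("permissions", []):
        allowed = any(_matches(p, action) for p in perm.get("actions", []))
        excluded = any(_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False

def roles_missing_permission(role_definitions_json, action=REQUIRED):
    """Return the names of roles that do NOT grant `action`."""
    roles = json.loads(role_definitions_json)
    return [r["roleName"] for r in roles if not role_grants(r, action)]

# Constructed sample data; role names are hypothetical.
SAMPLE = json.dumps([
    {"roleName": "prisma-readonly-example", "permissions": [
        {"actions": ["*/read"], "notActions": []}]},
    {"roleName": "prisma-remediation-example", "permissions": [
        {"actions": ["*/read", REQUIRED], "notActions": []}]},
    {"roleName": "network-wildcard-excluded-example", "permissions": [
        {"actions": ["Microsoft.Network/*"],
         "notActions": ["Microsoft.Network/networkSecurityGroups/securityRules/*"]}]},
    {"roleName": "nsg-wildcard-example", "permissions": [
        {"actions": ["microsoft.network/networkSecurityGroups/*"], "notActions": []}]},
])

if __name__ == "__main__":
    for name in roles_missing_permission(SAMPLE):
        print(f"{name}: missing {REQUIRED}")
```

A role that appears in the output cannot write NSG security rules, even when a broad wildcard action suggests otherwise, because a matching notActions entry removes the permission.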
Additional Information
N/A