Troubleshoot Azure Account Onboarding
During and after the onboarding process, you may encounter issues that affect retrieving logs and metadata, scanning network traffic, or identifying vulnerabilities on your Azure resources.
Use this troubleshooting guide to find tips to identify, detect, and remediate any issues that may arise.
Issue | Troubleshooting Tip |
Azure Onboarding Terraform Issues | |
The following error appears when running the Azure onboarding Terraform template on your local system or Azure Cloud Shell.
| Your local system or Azure Cloud Shell still has old versions of the Terraform libraries installed. To update to the new Terraform library versions, execute the terraform init -upgrade command in the directory where you want to execute Terraform. Next, execute terraform apply to run Terraform. |
The following error appears during the terraform apply step while running the Azure onboarding Terraform template on your local system or Azure Cloud Shell.
| Ensure that you have been assigned the Global Administrator role on Azure Active Directory (AD). |
The following error appears during the terraform apply step while running the Azure onboarding Terraform template on your local system or Azure Cloud Shell.
| Ensure that you have been assigned the Global Administrator role on Azure Active Directory (AD). |
Azure Cloud Account Status related issues | |
Cloud account status shows the following error / warning under Config on the Cloud Account Status page.
| Ensure that you have granted Admin Consent to all the Microsoft Graph API Permissions on the Azure Portal and confirm that the Status column for all the API Permissions has a green checkmark. |
Cloud account status shows error for multiple components. | Verify that you have created the required roles, added the role assignments, and selected Grant Admin Consent for API permissions.
If the issue persists after you have ruled out the items above, confirm that you have given Prisma Cloud the appropriate Enterprise Application Object ID.
|
The following permissions are shown as missing under the Agent Based Workload Protection component on the account onboarding status tab:
| Verify that the Key Vault Crypto Service Encryption User built-in role is assigned at Tenant/Subscription scope to the Prisma Cloud app registration. |
Cloud account status displays red and includes the following error message:
| Log in to the Azure Portal and check whether the Azure subscription is deleted or disabled. Prisma Cloud cannot monitor the subscription if it is deleted or disabled. |
A child account of an already added Tenant on Prisma Cloud is modified on the Azure Portal, but the change is not reflected in Prisma Cloud under Management Groups and Subscriptions of the already added Tenant. | It can take up to six hours for new child account information to be added, updated, or deleted in Prisma Cloud. |
Azure Flow Logs configuration related issues | |
The Ingest and Monitor Network Security Group Flow Logs checkbox is checked during onboarding and you are still facing issues with Flow Logs ingestion. | Check whether Azure flow logs are being generated and written to the storage account:
Check that you have created storage accounts in the same regions as the Network Security Groups. Network Security Group (NSG) flow logs are a feature of Network Watcher that allows you to view information about ingress and egress IP traffic through an NSG. Azure flow logs must be stored within a storage account in the same region as the NSG.
|
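One way to run the flow log checks above over exported inventories, as an added example (not Prisma Cloud or Microsoft code). It assumes the records come from the JSON output of az network nsg list, az network watcher flow-log list --location <region> and az storage account list; the sample records, resource names and the audit_flow_logs helper are constructed for illustration.

```python
PREFIX = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"

def nsg_id(name):
    return PREFIX + "Microsoft.Network/networkSecurityGroups/" + name

def sa_id(name):
    return PREFIX + "Microsoft.Storage/storageAccounts/" + name

# Constructed sample data (not from a real tenant). Only the fields the audit
# reads are kept: id, name, location, targetResourceId, storageId, enabled.
NSGS = [
    {"id": nsg_id("nsg-web"), "name": "nsg-web", "location": "eastus"},
    {"id": nsg_id("nsg-mgmt"), "name": "nsg-mgmt", "location": "eastus"},
    {"id": nsg_id("nsg-db"), "name": "nsg-db", "location": "westeurope"},
    {"id": nsg_id("nsg-batch"), "name": "nsg-batch", "location": "centralus"},
]
STORAGE_ACCOUNTS = [
    {"id": sa_id("stflowseastus"), "location": "eastus"},
    {"id": sa_id("stflowscentral"), "location": "centralus"},
]
FLOW_LOGS = [
    {"targetResourceId": nsg_id("nsg-web"), "storageId": sa_id("STFLOWSEASTUS"), "enabled": True},
    {"targetResourceId": nsg_id("nsg-mgmt"), "storageId": sa_id("stflowseastus"), "enabled": False},
]

def audit_flow_logs(nsgs, flow_logs, storage_accounts):
    """Return {nsg_name: finding}; Azure resource IDs are compared case-insensitively."""
    sa_region = {sa["id"].lower(): sa["location"].lower() for sa in storage_accounts}
    by_target = {fl["targetResourceId"].lower(): fl for fl in flow_logs}
    findings = {}
    for nsg in nsgs:
        region = nsg["location"].lower()
        fl = by_target.get(nsg["id"].lower())
        if fl is None:
            # No flow log: say whether a same-region storage account exists to hold one.
            has_sa = region in sa_region.values()
            finding = "no flow log configured" if has_sa else f"no flow log; no storage account in {region}"
        elif not fl.get("enabled"):
            finding = "flow log disabled"
        elif fl["storageId"].lower() not in sa_region:
            finding = "storage account not in inventory"
        elif sa_region[fl["storageId"].lower()] != region:
            finding = "storage account in a different region"
        else:
            finding = "ok"
        findings[nsg["name"]] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit_flow_logs(NSGS, FLOW_LOGS, STORAGE_ACCOUNTS).items():
        print(f"{name}: {finding}")
```

An NSG reported as ok has a correctly placed, enabled flow log; it does not prove that log blobs are arriving, so still confirm recent writes in the storage account.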