AzurePortal has configured Defender for Cloud to assess the vulnerability of SQL Server.
However, the following error message was displayed, and the scan did not proceed.
"The provided storage account is not valid or does not exist"
After that, I checked the following.
Verify the Successful Storage Account Configuration
Verify the Firewall Configuration for Storage Accounts
confirmation of opening all firewalls.
Initialize the link between Defender for cloud and storage account and then re-link.
under monitoring
confirmation of authority
Confirmation that the guest is a customer account, but owner authorization.
I would like to ask you how to take action on this issue.
Also, I am curious about the manual scanning method that can scan immediately rather than automatic Vulnerability Assessment execution.
Thank you.
I checked the following.
Verify the Successful Storage Account Configuration
Verify the Firewall Configuration for Storage Accounts
confirmation of opening all firewalls.
Initialize the link between Defender for cloud and storage account and then re-link.
under monitoring
confirmation of authority
Confirmation that the guest is a customer account, but owner authorization.
I would like to ask you how to take action on this issue.
Also, I am curious about the manual scanning method that can scan immediately rather than automatic Vulnerability Assessment execution.
Related
I am using IoT Hub in Azure portal. If I select Devices in Device management, Azure portal displays "A problem occurred loading devices.". I guess our company's proxy server block the domain. We set the proxy server to through "portal.azure.com" and "azure-devices.net". But the error continue. What should we do? Are there any other domains that the proxy server should through?
Are you still blocked? Were you able to access the devices earlier? Do you have the necessary permissions to access the devices? Please check the Access Control(IAM) tab to see your role assignments.
You can also add role assignments at Resource Group level. Go to your Resource Group, "Access Control (IAM)" and click on "Add role assignments". Then select "owner" and add yourself. See Assign Azure roles using the Azure portal for more details.
If you already have access and still facing the issue, then this could be a transient failure. I would suggest you wait for sometime and check back or clear your browser cookies, cache and history or try in-private mode and update if that solves your issue.
You can also log out and re-login to Azure Portal and see if there is any difference.
I have created a storage account for use in storing the results of an Azure Vulnerability Assessment on an Azure SQL Database.
If the firewall on the storage account is disabled, allowing access from all networks, Azure Vulnerability Scans work as expected.
If the firewall is enabled, the Azure Vulnerability Scan on the SQL Database reports an error, saying the storage account is not valid or does not exist.
Checking the box for "Allow Azure services on the trusted services list to access this storage account." in Networking properties for the storage account does not work to resolve this issue, though it is the recommended step in the documentation here: https://learn.microsoft.com/en-us/azure/azure-sql/database/sql-database-vulnerability-assessment-storage
Allow Azure Services
What other steps could resolve this issue, rather than just disabling the firewall?
You have to add the subnet and vnet that is being used by the SQL Managed Instance as mentioned in the document you are following . You can refer the below screenshot:
After enabling the service endpoint status as shown in the above image , Click Add . After adding the vnet it should look like below:
After this is done , Click on save and you should be able to resolve the issue.
Reference:
Store Vulnerability Assessment scan results in a storage account accessible behind firewalls and VNets - Azure SQL Database | Microsoft Docs
I created an Azure file share on a blob v1 storage account. I can connect to it from the OS on the report server, so I know the credentials are good, but when I configure a subscription via the reporting web site, it fails to connect, claiming "A log on error occurred when attempting to access the file share. The user account or password is not valid."
The azure account password is crazy long, so I'm wondering if it's having an issue storing it.
Any advice would be appreciated.
You will get the error if you don't offer the correct account and password (or even do not have an account) for file share. You could check the subscription setting, see here, and you need to make sure the account and password are all right. Also, you could store your azure account password in the tab.
My team already has a working Azure DevOps account. I would like to start an Azure subscription / Active Directory to begin linking our DevOps to App Services and other Azure products.
However, any time I click on a link to get started with Azure, I am met with a perplexing paradox trying to log in.
First I'm told that I can't log in because my MS account isn't found:
But if I try to "Create one!" or "get a new Microsoft account", I'm told it already exists:
I've taken out the email address being used, but I've confirmed they are the same between the two screens (I'm not even typing anything; all I'm doing is clicking "Next" on each screen).
I know that this MS account is valid. It's the same one I use to sign in with Azure DevOps and many other MS services. I'm not sure why I can't log in to the Azure set up platform. And there doesn't seem to be any kind of support options with Azure before you become a subscriber, so I thought I'd try my luck posting the issue here.
Thanks for any help!
You can connect your Azure DevOps organization to Azure Active Directory (Azure AD). Kindly checkout this document - About accessing your organization via Azure AD
Just to clarify, I hope you are an administrator on the subscription.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
When your sign-in address is shared by your personal Microsoft account and by your work account or school account, but your selected identity doesn't have access, you can't sign in. Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions.
Sign out completely from Azure DevOps by completing the following steps.
Closing your browser might not sign you out completely.
Sign in again and select your other identity.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
To connect your organization to Azure AD.
Sign in to your organization, https://dev.azure.com/{yourorganization}).
Select gear icon > Organization settings.
Select Azure Active Directory, and then select Connect directory.
I have enabled Virtual Network and Firewall access restrictions for Azure Storage Account, but faced the issue, that I do not have an access to Storage Account from Azure Functions(ASE environment), despite fact that ASE public address is added as exception. Additionaly, I have added all environment's virtual networks just to make sure.
Is there any way to check from which address functions/other services is trying to get an access to storage account?
Also, I have a tick "Allow trusted Microsoft services to access this storage account
". I'm not sure what is included into "trusted Microsoft services".
In the Application Insight Functions logs, only timeout issue appears, without additional explanation.
Could you please help me to understand how to properly configure storage account access restriction?
Have a look of this doc:
https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security#trusted-microsoft-services
From your description, I think you dont give a RBAC role to your azure function to access the storage.
Do this steps:
If you need more operation. Like do something with the data. Do need to add more RBAC roles, have a look of this offcial doc to learn more about RBAC roles:
https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#all