Sounds so similar to this https://learn.microsoft.com/en-gb/archive/blogs/azure4fun/common-problem-when-using-azure-resource-groups-rbac
Unable to archive to a storage account in Diagnostic Settings
Hi all! I am trying to save some sign-in logs to a storage account that I have via the Diagnostic Settings tab in azure. I am a Global Admin,so I should be able to.
However, when I try to save it, I get this:
Failed to update diagnostics for '/providers/microsoft.aadiam'.{"error":{"code":"AuthorizationFailed","message":"The client 'user@keyman .com' with object id 'GUID' does not have authorization to perform action 'Microsoft.Insights/register/action' over scope '/subscriptions/GUID' or the scope is invalid. If access was recently granted, please refresh your credentials."}}.
Should I have the authorization to do this as a global admin?
thanks
2 answers
Sort by: Most helpful
-
Oscar Maqueda 536 Reputation points Microsoft Employee
2021-01-06T17:29:00.463+00:00 -
Sumarigo-MSFT 43,801 Reputation points Microsoft Employee
2021-01-27T07:15:03.877+00:00 @Aaron Gallardo Firstly, apologies for the delay in responding here and any inconvenience this issue may have caused.
Firstly let me explain how RBAC works, please check this thread which provides detailed information Access control, Roles, service principle and what role we need to provided.
We need to provide "Azure Storage Contributor role" and then try again and let me know the status?
Also, please refer to this article: Send resource logs to Azure storage to retain it for archiving
If you are Global admin you should be able to archive the the sign- logs
Archive Azure AD logs to an Azure storage account:
Hope this helps!
Kindly let us know if the above helps or you need further assistance on this issue.
--------------------------------------------------------------------------------------------------------------------------
Please don’t forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.