Error during on-upload malware scan activation for storage account

Denys Bielov 25 Reputation points
2024-05-21T16:29:33.4633333+00:00

I created an Event Grid topic and want to assign it to the Microsoft Defender report pipeline. When I enable on-upload scan for my storage account and select my topic, I get:
Plan enablement partially succeeded. Could not enable on-upload malware scanning: Client 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c' with objectId '8177dd86-bd92-44c0-a988-b5a6f6d326cc' does not have permissions 'Microsoft.EventGrid/eventSubscriptions/write' on scope '/subscriptions/.../resourceGroups/.../providers/Microsoft.Storage/storageAccounts/...'

Tags: Azure Storage Accounts, Azure Event Grid, Microsoft Defender for Cloud

Accepted answer
  1. Anand Prakash Yadav 6,940 Reputation points Microsoft Vendor
    2024-05-22T10:18:19.4566667+00:00

    Hello Denys Bielov,

    Thank you for posting your query here!

    I understand that you are unable to enable Defender for Storage malware scanning for an Azure Storage account.

    Please note that being the owner of the subscription does not provide full rights to achieve that.

    Please check this custom-defined role:

    {
      "properties": {
        "roleName": "Custom role for EventGrid",
        "description": "",
        "assignableScopes": ["/subscriptions/<my_subscription_guid>"],
        "permissions": [
          {
            "actions": ["Microsoft.EventGrid/eventSubscriptions/write"],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }

    After the role is created, go to PIM (Privileged Identity Management) for the subscription and create a new role assignment for the account.

    Source: https://learn.microsoft.com/en-us/answers/questions/1286142/impossible-to-enable-defender-for-storage-malware

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.


2 additional answers
  1. Denys Bielov 25 Reputation points
    2024-05-29T10:30:08.2266667+00:00

    Adding the EventGrid EventSubscription Contributor role to the user I was logged in with helped.

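    Both fixes in this thread (the custom role in the accepted answer and the built-in EventGrid EventSubscription Contributor role here) work for the same reason: the signed-in principal ends up with an assignment whose role grants `Microsoft.EventGrid/eventSubscriptions/write` at a scope that covers the storage account. The script below is an added example, not code from this thread or from Microsoft. It applies the Azure RBAC evaluation rules a practitioner would check by hand (assignment scope must be the target scope or an ancestor of it; a role's effective actions are its Actions minus its NotActions; `*` in an action pattern matches any run of characters, case-insensitively) to role definitions and assignments in the JSON shape that `az role definition list` and `az role assignment list --include-inherited` emit. The role GUIDs, principal IDs, scopes and the abbreviated permission lists are constructed placeholders, not real tenant data; the real built-in roles carry longer action lists.

```python
"""Offline check: does a principal hold an Azure RBAC action at a scope?

Added example (not from the Q&A thread). Feeds on the JSON shape emitted by
`az role definition list` and `az role assignment list --include-inherited`.
All IDs, scopes and permission lists below are constructed placeholders.
Out of scope: deny assignments, group membership expansion, and PIM-eligible
assignments that have not been activated (none of those appear in this data).
"""
import re

REQUIRED_ACTION = "Microsoft.EventGrid/eventSubscriptions/write"


def pattern_matches(pattern: str, action: str) -> bool:
    """Azure action patterns: '*' matches any run of characters, case-insensitively."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, flags=re.IGNORECASE) is not None


def role_grants(role: dict, action: str) -> bool:
    """A permission block grants `action` when an Actions entry matches it and no NotActions entry does."""
    for perm in role["permissions"]:
        allowed = any(pattern_matches(p, action) for p in perm.get("actions", []))
        excluded = any(pattern_matches(p, action) for p in perm.get("notActions", []))
        if allowed and not excluded:
            return True
    return False


def scope_covers(assignment_scope: str, target_scope: str) -> bool:
    """An assignment applies to its own scope and to every descendant scope."""
    a = assignment_scope.rstrip("/").lower()
    t = target_scope.rstrip("/").lower()
    return t == a or t.startswith(a + "/")


def granting_roles(principal_id, target_scope, action, assignments, roles):
    """Names of roles that, through an applicable assignment, give the principal `action` at `target_scope`."""
    defs = {r["name"].lower(): r for r in roles}  # role definition GUID -> definition
    found = []
    for asg in assignments:
        if asg["principalId"].lower() != principal_id.lower():
            continue
        if not scope_covers(asg["scope"], target_scope):
            continue
        role = defs.get(asg["roleDefinitionId"].rsplit("/", 1)[-1].lower())
        if role is not None and role_grants(role, action):
            found.append(role["roleName"])
    return found


def has_action(principal_id, target_scope, action, assignments, roles) -> bool:
    return bool(granting_roles(principal_id, target_scope, action, assignments, roles))


# --- constructed sample data (placeholder GUIDs, abbreviated permission lists) ---
SUB = "/subscriptions/00000000-0000-0000-0000-000000000001"
OTHER_SUB = "/subscriptions/00000000-0000-0000-0000-000000000002"
STORAGE = SUB + "/resourceGroups/rg-demo/providers/Microsoft.Storage/storageAccounts/stdemo"
ROLE_DEF_PREFIX = "/providers/Microsoft.Authorization/roleDefinitions/"

ROLE_READER, ROLE_STORAGE, ROLE_EVENTGRID, ROLE_CUSTOM = (
    "00000000-0000-0000-0000-0000000000aa",
    "00000000-0000-0000-0000-0000000000bb",
    "00000000-0000-0000-0000-0000000000cc",
    "00000000-0000-0000-0000-0000000000dd",
)

ROLES = [
    {"name": ROLE_READER, "roleName": "Reader",
     "permissions": [{"actions": ["*/read"], "notActions": []}]},
    {"name": ROLE_STORAGE, "roleName": "Storage Account Contributor",
     "permissions": [{"actions": ["Microsoft.Storage/storageAccounts/*"], "notActions": []}]},
    {"name": ROLE_EVENTGRID, "roleName": "EventGrid EventSubscription Contributor",
     "permissions": [{"actions": ["Microsoft.EventGrid/eventSubscriptions/*"], "notActions": []}]},
    {"name": ROLE_CUSTOM, "roleName": "Custom role for EventGrid",
     "permissions": [{"actions": [REQUIRED_ACTION], "notActions": []}]},
]

ASSIGNMENTS = [
    # Reader at the subscription: '*/read' never matches a write action.
    {"principalId": "pid-reader", "scope": SUB, "roleDefinitionId": SUB + ROLE_DEF_PREFIX + ROLE_READER},
    # Storage Account Contributor on the account: right scope, wrong resource provider.
    {"principalId": "pid-storage", "scope": STORAGE, "roleDefinitionId": SUB + ROLE_DEF_PREFIX + ROLE_STORAGE},
    # Built-in EventGrid role at the subscription: inherited down to the storage account.
    {"principalId": "pid-eventgrid", "scope": SUB, "roleDefinitionId": SUB + ROLE_DEF_PREFIX + ROLE_EVENTGRID},
    # Custom role assigned in a different subscription: scope does not cover the account.
    {"principalId": "pid-custom", "scope": OTHER_SUB, "roleDefinitionId": OTHER_SUB + ROLE_DEF_PREFIX + ROLE_CUSTOM},
]

if __name__ == "__main__":
    for pid in ("pid-reader", "pid-storage", "pid-eventgrid", "pid-custom"):
        roles = granting_roles(pid, STORAGE, REQUIRED_ACTION, ASSIGNMENTS, ROLES)
        print(f"{pid}: {'OK via ' + ', '.join(roles) if roles else 'MISSING ' + REQUIRED_ACTION}")
```

    To run it against a real tenant, save `az role definition list` and `az role assignment list --scope "<storage account resource id>" --include-inherited` to JSON and pass the parsed lists in place of `ROLES` and `ASSIGNMENTS`. Three things the check deliberately does not model, and which can still produce the error in the question: a deny assignment on the scope, a role held only through a group (match on the group's object ID as well), and a PIM-eligible assignment that has not been activated, which is why the accepted answer points at creating the assignment through PIM.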

  2. Amrinder Singh 3,645 Reputation points Microsoft Employee
    2024-05-21T17:55:15.6466667+00:00

    Hi Denys Bielov - Thanks for reaching out.

    The issue appears to be missing write permissions for the EH subscription on the storage account. Once you add those permissions, it should work.

    I am sharing another Q&A link with the resolution.

    https://learn.microsoft.com/en-us/answers/questions/1286142/impossible-to-enable-defender-for-storage-malware

    Please let us know if you have any further queries. I’m happy to assist you further.


    Please "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.