Problem description
Failed to save e-key while adding Azure subscription
Cause
Permission issues on the Azure side caused by a disallow policy.
Traceback
HAR.log
{
"code": "ConnectionSvc-1001",
"message": "Codes:[RequestDisallowedByPolicy], Msg:Resource 'Test' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"Enforce recommended guardrails for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"},\"policyDefinition\":{\"name\":\"Key vaults should have deletion protection enabled\",\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},\"policySetDefinition\":{\"name\":\" Enforce recommended for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"}}]'."
}
Resolution
Allow the resource group in the policy.
In the above example:
Resource 'Test' was disallowed by policy.
Policy Name: Enforce recommended for Azure Key Vault
Path: /providers/Microsoft.Management/managementGroups/alz-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault
Policy Definition: Key vaults should have deletion protection enabled
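
The policy details listed above sit inside the "message" string of the HAR response as an escaped JSON array. The following is an added example, not part of the original article or any product tooling, that extracts the resource name, policy assignment, assignment scope, and policy definition from such a response body. The function name parse_policy_denial and the output field names are assumptions made for illustration; the sample body is the one shown in the traceback.

```python
import json
import re

# Response body copied from the HAR log on this page.
SAMPLE_BODY = r'''{
"code": "ConnectionSvc-1001",
"message": "Codes:[RequestDisallowedByPolicy], Msg:Resource 'Test' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"Enforce recommended guardrails for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"},\"policyDefinition\":{\"name\":\"Key vaults should have deletion protection enabled\",\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},\"policySetDefinition\":{\"name\":\" Enforce recommended for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"}}]'."
}'''

ASSIGNMENT_MARKER = "/providers/Microsoft.Authorization/policyAssignments/"


def parse_policy_denial(body):
    """Return details of a RequestDisallowedByPolicy error, or None if the
    body describes some other kind of failure. (Hypothetical helper.)"""
    message = json.loads(body).get("message", "")
    codes = re.search(r"Codes:\[([^\]]*)\]", message)
    if not codes or "RequestDisallowedByPolicy" not in codes.group(1):
        return None
    resource = re.search(r"Resource '([^']*)' was disallowed by policy", message)
    # The identifiers are a JSON array embedded in the message between quotes.
    embedded = re.search(r"Policy identifiers: '(\[.*\])'", message, re.S)
    policies = []
    for entry in json.loads(embedded.group(1)) if embedded else []:
        assignment = entry.get("policyAssignment", {})
        definition = entry.get("policyDefinition", {})
        initiative = entry.get("policySetDefinition", {})
        assignment_id = assignment.get("id", "")
        scope, found, _ = assignment_id.partition(ASSIGNMENT_MARKER)
        policies.append({
            "assignment": assignment.get("name", "").strip(),
            "assignment_id": assignment_id,
            # Scope the assignment was made at (text before the marker).
            "assignment_scope": scope if found else "",
            "definition": definition.get("name", "").strip(),
            "definition_id": definition.get("id", ""),
            "initiative": initiative.get("name", "").strip(),
        })
    return {"resource": resource.group(1) if resource else None,
            "policies": policies}


if __name__ == "__main__":
    print(json.dumps(parse_policy_denial(SAMPLE_BODY), indent=2))
```

The assignment_scope value shows the level at which the policy was assigned, which is where the assignment has to be reviewed.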