Skip to main content
Failed to save e-key while adding Azure subscription

Failed to save e-key while adding Azure subscription

Updated over a month ago

Problem description

Failed to save e-key while adding Azure subscription

Cause

Permission issues on the Azure side caused by a disallow policy.

Traceback

HAR.log
{
"code": "ConnectionSvc-1001",
"message": "Codes:[RequestDisallowedByPolicy], Msg:Resource 'Test' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"Enforce recommended guardrails for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault\"},\"policyDefinition\":{\"name\":\"Key vaults should have deletion protection enabled\",\"id\":\"/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\"},\"policySetDefinition\":{\"name\":\" Enforce recommended for Azure Key Vault\",\"id\":\"/providers/Microsoft.Management/managementGroups/alz/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault\"}}]'."
}

Resolution:

  • Allow the resource group in the policy.

In above example:

  • Resource ‘Test’' was disallowed by policy.

  • Policy Name: Enforce recommended for Azure Key Vault

  • Path: /providers/Microsoft.Management/managementGroups/alz-landingzones/providers/Microsoft.Authorization/policyAssignments/Enforce-GR-KeyVault

  • Policy Definition: Key vaults should have deletion protection enabled

See Also:

Did this answer your question?