This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I'm having a strange issue with setting up Azure SQL vulnerability assessments. I am trying to target a storage account within the same subscription. My Azure SQL has been granted the "Storage Blob Data Contributor" role on the storage account, and I am able to select it through the portal as the target but it disappears after I have saved and reloaded the blade. When I attempt to run a scan manually, I get a message saying:
"The configured storage account 'xxxxxxxxx' was not found in the subscriptions selected by your Global subscription filter, or you don't have permission to access it. Please add the subscription corresponding to the configured storage to your Global filter settings."
The oddest part is that a handful of existing storage accounts with no discernable difference in configuration seem to work just fine. I've tried a number of storage accounts, some work and some don't and I can't seem to figure out why. I didn't find anything in existing documentation that would indicate a setting I need to ensure is enabled. Does anyone know if I am missing something or what might be causing this issue?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 93%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENS%3C/text%3E%3C/svg%3E)
@Todd Janson We are checking this and will get back to you.
Thank you, I still haven't figured this one out.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 99%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Any movement on this yet? I have a group assignment setup for accessing this data, group has read to the storage account where the current assessment data is being held, but when trying to view the data - the user gets an error about not having permission to access to storage.
Not sure if more than read is needed, but I wouldn't think so just to populate an assessment
We are looking into this and involved our storage team as well. but the original issue for this thread - The configured storage account 'xxxxxxxxx' was not found in the subscriptions selected by your Global subscription filter, or you don't have permission to access it. Please add the subscription corresponding to the configured storage to your Global filter settings should be resolved.
Please confirm that and also please confirm what exactly is the issue now with error details and screenshots to move this forward. Once we get the info we will engage right resources.
Regards
Navtej S
@Derek Schauland
Please help with questions above to take this further.
Regards
Navtej S
After changing the global subscription filter my user was able to see more of the data in security center, but still receives the message about storage access. I am waiting to hear what is listed within the filter to see if the correct sub was picked.
What permissions/IAM settings are required to see this? would expect that read access would work
@Todd Janson We have check and found that this is UI bug and there is ETA for the resolution at this point and we are trying to get more info regarding this.
Regards
Navtej S
Are you sure that it's only a UI issue? It seems that if I make the settings with an ARM template deploy then it's set successfully, but the vulnerability report contains "Failed to run" as the "Scan result".
After a clean redeploy, it appears that my vulnerability scans and audits are working but I still have the UI issue described in the portal when viewing auditing settings.
@Todd Janson Can you please post the error message and screen shot of the error.
Checking just now and it appears to be working correctly, may have been a caching issue on my end. Thank you for resolving this issue so quickly.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 4%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
Easy steps to reproduce this issue: 1. Go to the "SQL servers" listing view. 2. Use the Subscription filter to enable subscription A. 3. Click on a record that only exists in subscription A. 4. Hit the back button. 5. Deselect subscription A from the filter. 6. Hit the forward button. The sql server page opens. 7. Go to "Security Center" > "Vulnerability assessment findings". 8. Click on a finding. 9. Open the affected unhealthy database. 10. The "Vulnerability Assessment" page opens and you will see the error: "The configured storage account '' was not found in the subscriptions selected by your Global subscription filter, or you don't have permission to access it. Please add the subscription corresponding to the configured storage to your Global filter settings." ![131938-image.png][1] But the way this usually happens to me is that I open a link from the vulnerability assessment scan summary email that affects a SQL server from subscription A that is deselected from the global subscription filter. Since there's no subscription filter on the "Vulnerability Assessment" page and the global subscription filter is always applied when opening a new tab, there's very little you can do about it except browse to view that has the subscription filter, re-enable subscription A and then go back. [1]: /api/attachments/131938-image.png?platform=QnA
Any comments about this, @Navtej Singh Saini ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 49%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJN%3C/text%3E%3C/svg%3E)
I resolved this here -Under the SQL instance -
Security
Microsoft Defender for Cloud
Enabled at the subscription-level (Configure) <-- click
VULNERABILITY ASSESSMENT SETTINGS
Storage account
Select Storage Account