This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 72%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
I don't have Owner role (and cannot have in the tenant I'm working) but I have Security Admin role and also custom role which allows me to enable for example all features of Defender for Storage and also all features of Defender for Servers.
Except that configuring Defender for Servers File Integrity Monitoring fails.
I get an error on Azure portal notifications which says:
Failed to save 'Servers' plan for subscription 'xxx'.
and when I go to see the activity log of the subscription where the log analytics workspace is deployed into (which I'm choosing when configuring FIM) I see error:
Resource: /subscriptions/xxx/providers/Microsoft.Security/pricings/VirtualMachines
Message: User does not have owner role on the subscription of the given workspace!
According to documentation https://learn.microsoft.com/en-us/azure/defender-for-cloud/file-integrity-monitoring-enable-defender-endpoint
Required roles and permissions: Workspace owner or Security admin can enable and disable FIM.
Defender for Servers has been enabled on the log analytics workspace.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
@Mika Pitkänen Apologies for the delayed response, with the above error it seems it needs owner privilege to make changes to the log analytics workspace - https://learn.microsoft.com/en-us/services-hub/unified/health/azure-roles#azure-roles:~:text=Roles%20that%20can%20Add/Remove%20solutions%20from%20Services%20Hub%20workspace
Let me know by making the above changes helps to resolve this issue, accordingly, will work review the doc and get it rectified by our team.
Thanks for the answer. I'll get back to this after the admin of the Azure environment have had time to look into this.
This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
"with the above error it seems it needs owner privilege to make changes to the log analytics workspace"
It seems Owner privilege was required. Even though documentation lists some other roles as an option to Owner role.