While deploying hub and spoke architecture on Azure facing problem while creating azure policy in network manager

Chitresh Mathur 20 Reputation points

The error is:

Creating Azure Policy Definition 'VNetAZPolicy' in network group 'myNetworkGroupB' failed for scope '/subscriptions/d28de36d-8cb0-4da7-b1ae-b4beaa86b4aa'. Error:'The client with object id '921743ea-b50a-4a64-b2d4-4af3e7d48605' does not have permission to perform action(s) 'Microsoft.Network/networkManagers/networkGroups/join/action'

The link I was following:


Note: I stuck at steps '6' to '8' under the heading "Create a dynamic network group"

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,035 questions
Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
758 questions
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 32,351 Reputation points Microsoft Employee

    @Chitresh Mathur

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

    I understand that you are facing permission issues with creating a Dynamic Network Group.

    It appears that you do not have the required permissions as listed below,

    Refer : [https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration#required-permissions

    User's image

    Make sure you have the required permissions and try again.

    Please let me know if this helps or you require further assistance on this.



    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful