Error during on-upload malware scan activation for storage account

Denys Bielov 25 Reputation points
2024-05-21T16:29:33.4633333+00:00

I created an Event Grid topic and want to assign it to the Microsoft Defender report pipeline. When I enable on-upload scan for my storage account and select my topic, I get:
Plan enablement partially succeeded. Could not enable on-upload malware scanning: Client 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c' with objectId '8177dd86-bd92-44c0-a988-b5a6f6d326cc' does not have permissions 'Microsoft.EventGrid/eventSubscriptions/write' on scope '/subscriptions/.../resourceGroups/.../providers/Microsoft.Storage/storageAccounts/...'

Tags: Azure Storage, Azure Event Grid, Microsoft Defender for Cloud

Accepted answer
  1. Anand Prakash Yadav 7,855 Reputation points Microsoft External Staff
    2024-05-22T10:18:19.4566667+00:00

    Hello Denys Bielov,

    Thank you for posting your query here!

    I understand that you are unable to enable Defender for Storage Malware scanning for Azure Storage account.

    Please note that being the owner of the subscriptions does not provide full rights to achieve that.

    Please check this custom defined role:

    {
      "properties": {
        "roleName": "Custom role for EventGrid",
        "description": "",
        "assignableScopes": ["/subscriptions/<my_subscription_guid>"],
        "permissions": [
          {
            "actions": ["Microsoft.EventGrid/eventSubscriptions/write"],
            "notActions": [],
            "dataActions": [],
            "notDataActions": []
          }
        ]
      }
    }

    After the role is created, go to PIM (Privileged Identity Management) for the subscription and create a new role assignment for the account.

    Source: https://learn.microsoft.com/en-us/answers/questions/1286142/impossible-to-enable-defender-for-storage-malware

    Do let us know if you have any further queries. I’m happy to assist you further.

    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.

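The check behind the error message and the least-privilege fix from the accepted answer, as an added Python example (not code from the thread or from Microsoft). It models Azure's control-plane RBAC evaluation in simplified form (wildcard action matching, notActions, scope inheritance from subscription to resource group to storage account; deny assignments are omitted), builds the custom role definition, and shows that assigning it at the storage-account scope grants exactly the action the error names and nothing on a neighbouring account. All GUIDs, resource names and the objectId are constructed placeholders; the listed actions of the built-in "EventGrid EventSubscription Contributor" role are a subset assumed from its documented definition.

```python
"""Added example: simplified Azure RBAC evaluation for the
'Microsoft.EventGrid/eventSubscriptions/write' permission, plus the custom role
from the accepted answer. All identifiers below are constructed placeholders."""
import fnmatch
import json

REQUIRED_ACTION = "Microsoft.EventGrid/eventSubscriptions/write"
ROLE_NAME = "Custom role for EventGrid subscriptions"

# Constructed scope hierarchy: subscription > resource group > storage account.
SUB_ID = "00000000-0000-0000-0000-000000000000"
SUBSCRIPTION = f"/subscriptions/{SUB_ID}"
RESOURCE_GROUP = f"{SUBSCRIPTION}/resourceGroups/rg-defender-demo"
STORAGE_ACCOUNT = f"{RESOURCE_GROUP}/providers/Microsoft.Storage/storageAccounts/stdemo01"
OTHER_ACCOUNT = f"{RESOURCE_GROUP}/providers/Microsoft.Storage/storageAccounts/stdemo02"
USER = "11111111-1111-1111-1111-111111111111"  # constructed objectId of the signed-in user


def build_custom_role(subscription_id: str) -> dict:
    """Custom role granting only the action the error message names,
    assignable within a single subscription (mirrors the accepted answer's JSON)."""
    return {
        "properties": {
            "roleName": ROLE_NAME,
            "description": "Create Event Grid event subscriptions for Defender on-upload scanning",
            "assignableScopes": [f"/subscriptions/{subscription_id}"],
            "permissions": [{
                "actions": [REQUIRED_ACTION],
                "notActions": [],
                "dataActions": [],
                "notDataActions": [],
            }],
        }
    }


def _action_matches(pattern: str, action: str) -> bool:
    # Azure action strings are case-insensitive and '*' may span '/' segments.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _scope_covers(assigned_scope: str, target_scope: str) -> bool:
    # An assignment at a scope applies to that scope and every child scope.
    a, t = assigned_scope.lower().rstrip("/"), target_scope.lower().rstrip("/")
    return t == a or t.startswith(a + "/")


def has_permission(assignments: list, roles: dict, principal_id: str,
                   action: str, scope: str) -> bool:
    """True if any assignment for the principal at this scope or an ancestor
    grants `action` via `actions` without excluding it via `notActions`."""
    for asg in assignments:
        if asg["principalId"] != principal_id or not _scope_covers(asg["scope"], scope):
            continue
        for perm in roles[asg["roleName"]]["permissions"]:
            allowed = any(_action_matches(p, action) for p in perm["actions"])
            excluded = any(_action_matches(p, action) for p in perm.get("notActions", []))
            if allowed and not excluded:
                return True
    return False


ROLES = {
    # Built-in Reader: read-only on everything, so no '.../write' action.
    "Reader": {"permissions": [{"actions": ["*/read"], "notActions": []}]},
    # Assumed subset of the built-in role the asker eventually assigned.
    "EventGrid EventSubscription Contributor": {"permissions": [{
        "actions": ["Microsoft.EventGrid/eventSubscriptions/*",
                    "Microsoft.Authorization/*/read"],
        "notActions": []}]},
    ROLE_NAME: build_custom_role(SUB_ID)["properties"],
}

# Before: only Reader at subscription scope (the state that produces the error).
ASSIGNMENTS_BEFORE = [{"principalId": USER, "roleName": "Reader", "scope": SUBSCRIPTION}]
# After: the custom role assigned narrowly, at the storage account itself.
ASSIGNMENTS_AFTER = ASSIGNMENTS_BEFORE + [
    {"principalId": USER, "roleName": ROLE_NAME, "scope": STORAGE_ACCOUNT}]


def cli_commands(principal_object_id: str, role_json_path: str, scope: str) -> list:
    """Azure CLI steps to create the role definition and assign it at `scope`."""
    return [
        f"az role definition create --role-definition @{role_json_path}",
        f"az role assignment create --assignee-object-id {principal_object_id} "
        f'--assignee-principal-type User --role "{ROLE_NAME}" --scope {scope}',
    ]


if __name__ == "__main__":
    print(json.dumps(build_custom_role(SUB_ID), indent=2))
    for label, asgs in (("before", ASSIGNMENTS_BEFORE), ("after", ASSIGNMENTS_AFTER)):
        print(label, has_permission(asgs, ROLES, USER, REQUIRED_ACTION, STORAGE_ACCOUNT))
    print("\n".join(cli_commands(USER, "role.json", STORAGE_ACCOUNT)))
```

Assigning the custom role at the storage-account scope (rather than the whole subscription, as the answer's PIM step would do) is enough for the enablement call and keeps the grant to one resource; writing the output of `build_custom_role` to a file and running the two `az` commands reproduces the fix outside the portal.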

2 additional answers

Sort by: Most helpful
  1. Denys Bielov 25 Reputation points
    2024-05-29T10:30:08.2266667+00:00

    Adding EventGrid EventSubscription Contributor role to the user I was logged-in with helped.

    1 person found this answer helpful.

  2. Amrinder Singh 5,870 Reputation points Microsoft Employee Volunteer Moderator
    2024-05-21T17:55:15.6466667+00:00

    Hi Denys Bielov - Thanks for reaching out.

    The issue appears to be missing write permissions for the EH subscription on the storage account. Once you add those permissions, it should work.

    I am sharing another Q&A link with the resolution.

    https://learn.microsoft.com/en-us/answers/questions/1286142/impossible-to-enable-defender-for-storage-malware

    Please let us know if you have any further queries. I’m happy to assist you further.

    Please "Accept the answer" and "up-vote" wherever the information provided helps you, this can be beneficial to other community members.
