@波 程
Thank you for your detailed post!
From your error and screenshots, it looks like you're using the Application-plus-user (Compound Identity / OBO) authentication option, which should only be used when a user is required to access the key vault from a specific application. However, since compound identities aren't supported with Microsoft Purview to set up scans, and it looks like Purview will be accessing the KV directly, can you add fs-purview
to your vault access policies? For more info - Credentials for source authentication in Microsoft Purview.
HTTP 403: Insufficient Permissions
HTTP 403 means that the request was authenticated (it knows the requesting identity) but the identity does not have permission to access the requested resource. There are two causes:
- There is no access policy for the identity.
- The IP address of the requesting resource is not approved in the key vault's firewall settings.
I hope this helps!
If you're still having issues, please let me know.
Thank you for your time and patience throughout this issue!
----------
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.