Review the permissions required to deploy resources and the permissions granted during the terraform process.
The following permissions are required to be able to successfully deploy Trend Vision One cloud security resources to your subscription.
-
For Microsoft Entra ID users, your sign in must have the following roles:
-
Application Administrator
-
Privileged Role Administrator
-
-
For Microsoft Azure users, your sign in must have the following or higher role on the subscription you are connecting:
-
User Access Administrator
-
-
To enable Microsoft Defender for Endpoint Collection or Azure Activity logs, your Microsoft Azure sign in must have the following role:
- Key Vault Secrets Officer
The terraform process assigns certain permissions to itself to establish the connection
with Cloud Accounts and Trend Vision One cloud security services. These permissions include enabling the Cloud Accounts app
and security services to obtain temporary credentials and complete tasks within your
Azure cloud environment.
Azure Required Permissions
Feature
|
Service
|
Required Permissions
|
Core Features
|
Azure
|
|
Agentless Vulnerability & Threat Detection
|
Azure
|
Subscription-level permissions
|
Trend Micro resource group-level permissions
Azure defined role: Contributor
Azure defined role: AcrPull
Azure defined role: Storage Blob Data Owner
|
||
Trend Micro Storage ID-level permissions
Azure defined role: Storage Blob Data Reader
|