Azure/azure-monitor-baseline-alerts

[Question/ Feedback]: After deployment of the assignments the managed identity does not have the assigned role it needs to remediate

RikGr opened this issue · 1 comments

RikGr commented

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Description

After we have deployed the assignments of the initiatives we noticed we cannot start remediation right away. The assignment does not have the rights yet. Only after editing and saving the assignment via the portal, the rights are granted.

Is this a known issue?

Hello @RikGr, thank you for your feedback. Depending on your timing, it's possible that you can't start the remediation right away; however, this should not be because of Role Assignments.

Policy compliance evaluation

Before remediation can occur, the Policy engine first needs to determine the compliance state of your resources. Right after a deployment, you see a compliance state of "Not started" which means the evaluation cycle hasn't started for the policy or resource. Evaluations of assigned policies and initiatives happen as the result of various events. In this case, it takes around five minutes for the assignment to be applied to the defined scope, then the evaluation cycle begins for applicable resources against the newly assigned policy or initiative.

Role Assignment

The role assignments are defined in the same ARM template and are deployed at the same time. Can you review the deployment details to verify whether there was an error in the deployment?

  1. Go to the management group where you assigned the initiative.

  2. In the menu on the left, click on Deployments.

  3. Look for the latest entry. The name of the deployment depends on the initiative you want to review:

    • amba-ServiceHealth
    • amba-LandingZone
    • amba-Connectivity
    • amba-Identity
    • amba-Management
  4. You should see the following:
    image

If you see an error, please let me know.
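
A scripted counterpart to the portal check described in the reply above, as an added example that is not part of the original thread or of the AMBA project's code. It assumes you have exported the JSON printed by `az policy assignment list` and `az role assignment list` for the management group; the sample records, names, GUIDs and role name below are constructed placeholders.

```python
# Constructed sample input, shaped like the JSON printed by
# `az policy assignment list` and `az role assignment list`.
# Names, GUIDs and the role name are placeholders, not values from the thread.
MG = "/providers/Microsoft.Management/managementGroups/example-mg"
POLICY_ASSIGNMENTS = [
    {"name": "sample-assignment-a", "scope": MG,
     "identity": {"type": "SystemAssigned",
                  "principalId": "AAAAAAAA-0000-0000-0000-000000000001"}},
    {"name": "sample-assignment-b", "scope": MG,
     "identity": {"type": "SystemAssigned",
                  "principalId": "aaaaaaaa-0000-0000-0000-000000000002"}},
    {"name": "sample-assignment-c", "scope": MG, "identity": None},
]
ROLE_ASSIGNMENTS = [
    {"principalId": "aaaaaaaa-0000-0000-0000-000000000001",
     "roleDefinitionName": "Monitoring Contributor", "scope": MG},
]


def audit_identities(policy_assignments, role_assignments):
    """Report, per policy assignment, whether its managed identity holds any role.

    Status is 'no-identity' (no managed identity on the assignment),
    'no-role' (identity exists but has no role assignment), or 'ok'.
    """
    roles_by_principal = {}
    for ra in role_assignments:
        # GUIDs are compared case-insensitively.
        pid = (ra.get("principalId") or "").lower()
        roles_by_principal.setdefault(pid, []).append(ra.get("roleDefinitionName"))

    report = []
    for pa in policy_assignments:
        identity = pa.get("identity") or {}
        pid = (identity.get("principalId") or "").lower()
        roles = roles_by_principal.get(pid, []) if pid else []
        status = "no-identity" if not pid else ("ok" if roles else "no-role")
        report.append({"assignment": pa["name"], "principalId": pid,
                       "status": status, "roles": roles})
    return report


if __name__ == "__main__":
    for row in audit_identities(POLICY_ASSIGNMENTS, ROLE_ASSIGNMENTS):
        print(f'{row["assignment"]:<22} {row["status"]:<12} {", ".join(row["roles"])}')
```

An assignment reported as `no-role` matches the symptom in the question; one reported as `ok` points back to evaluation timing rather than missing rights.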