From 5121762df5f53fd9694a99ab4063523584f9a206 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20C=C3=A9spedes?= Date: Sat, 26 Aug 2023 02:16:45 -0600 Subject: [PATCH] Added requirement for subs to be registered in the ManagedService provider namespace --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 4f06844..85d22ec 100644 --- a/README.md +++ b/README.md @@ -62,6 +62,8 @@ If you're unsure about what/how to use this module, please fill the [questionnai - For scanning, an App (with its Service Principal) is required to be created in the ActiveDirectory, to enable ContainerRegistry Task to run the image scanning This requires subscription-level `Security Administrator` role. +- The subscription(s) to onboard must be registered to the 'Microsoft.ManagedService' services provider namespace. More info on [how to enroll your subscription here](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#:~:text=Azure%20portal-,Register%20resource%20provider,-To%20see%20all). + Note: Beware that previous roles in AD are found in two different levels; Organizational level (user AD **Assigned Roles**), and Subscription level (user AD **Azure role assignments**). This role assignments take some time to consolidate.