Share via

I am unable to view service tags while adding a network rule in Azure Firewall.

Sayyad, Altamash Salim (Cognizant) 0 Reputation points
2025-01-08T17:40:27.39+00:00

Title

Unable to View Service Tags When Adding a Network Rule in Azure Firewall

Details

I am unable to view service tags while adding a network rule in Azure Firewall.

I am selecting the Destination type as Service Tag, but I can only see Office 365 service tags and not others. Kindly help me understand what's missing.

Azure Firewall
Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
707 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sayyad, Altamash Salim (Cognizant) 0 Reputation points
    2025-01-10T09:14:37.7833333+00:00

    I am have below permissions assigned through a Custom PIM Role.

    is anything missing in the role because of which it does not let me read service tags?

    what would be least permission i should have in-order to view the service tags in my Firewall network rules?

            "permissions": [
            {
                "actions": [
                    "Microsoft.Network/azurefirewalls/*/read",
                    "Microsoft.Network/azureFirewalls/applicationRuleCollections/read",
                    "Microsoft.Network/azurefirewalls/providers/Microsoft.Insights/logDefinitions/read",
                    "Microsoft.Network/azureFirewalls/natRuleCollections/read",
                    "Microsoft.Network/azureFirewalls/networkRuleCollections/read",
                    "Microsoft.Network/azurefirewalls/providers/Microsoft.Insights/metricDefinitions/read",
                    "Microsoft.Network/azureFirewallFqdnTags/read",
                    "Microsoft.Network/firewallPolicies/*/read",
                    "Microsoft.Insights/*/read",
                    "Microsoft.Network/azurefirewalls/write",
                    "Microsoft.Network/azureFirewalls/applicationRuleCollections/write",
                    "Microsoft.Network/azureFirewalls/natRuleCollections/write",
                    "Microsoft.Network/azureFirewalls/networkRuleCollections/write",
                    "Microsoft.Network/firewallPolicies/*/write",
                    "Microsoft.Network/ipGroups/read",
                    "Microsoft.Network/ipGroups/write",
                    "Microsoft.Network/locations/serviceTagDetails/read",
                    "Microsoft.Network/locations/serviceTags/read"
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.