Update Application Gateway role assignments to have the right permissions

Deepaklal-FT 66 Reputation points
2022-09-30T03:30:04.433+00:00

What is the action requires to be taken as part of this maintenance.

Tracking ID : MNTX-DP8

How to check roles are included at least the Joins a virtual network (Microsoft.Network/virtualNetworks/subnets/join/action) permission ?

Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
1,088 questions
Azure ISV (Independent Software Vendors) and Startups
Azure ISV (Independent Software Vendors) and Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.ISV (Independent Software Vendors) and Startups: A Microsoft program that helps customers adopt Microsoft Cloud solutions and drive user adoption.
97 questions
{count} votes

Accepted answer
  1. KapilAnanth-MSFT 47,306 Reputation points Microsoft Employee
    2022-09-30T06:29:45.977+00:00

    Hi @Deepaklal-FT ,

    Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
    I understand that you would like to know the roles that have "Joins a virtual network" permission.

    The Built-In roles that have this permission are as follows,

    • Owner
    • Contributor
    • Network Contributor

    Refer :

    If you would like to create custom roles, this document may come in handy
    https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles
    https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles-portal

    Cheers,
    Kapil

    ----------------------------------------------------------------------------------------------------------------

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Anthony Goh 1 Reputation point
    2022-09-30T07:53:05.883+00:00

    Hi

    For sake of good order and clarification, we received this email of notice from MS Azure.

    If my Azure login account is owner, I assume no further action is require with ref. to below email?

    Subject: Action recommended: Update Application Gateway role assignments to have the right permissions by 30 November 2022

    EXTERNAL: Do not click links or open attachments if you do not recognize the sender.

    Action recommended: Update Application Gateway role assignments to have the right permissions by 30 November 2022

    View in Azure Service Health >

    TRACKING ID: MNTX-DP8
    TYPE: ActionRequired
    STATUS: Active

    COMMUNICATION:
    You're receiving this notice because you use Azure Application Gateway with Azure Virtual Network.
    To improve security and provide a more consistent experience across Azure, all roles must pass a permission check in order to create or update an Application Gateway in Virtual Network. To pass this check, roles must include at least the Joins a virtual network (Microsoft.Network/virtualNetworks/subnets/join/action) permission by 30 November 2022.

    Recommended action
    To avoid potential service disruptions, update any roles that need to create or update an Application Gateway in Virtual Network to have the right permissions by 30 November 2022.

    Help and support
    If you have questions, get answers from community experts in Microsoft Q&A. If you have a support plan and need technical help, please create a support request:

    1. For Issue type, select Technical.
    2. For Subscription, select your subscription.
    3. For Service, select My services.
    4. For Service type, select Application Gateway.
    5. For Resource, select your Application Gateway resource.
    6. For Summary, type a description of your issue.
    7. For Problem type, select Configure and Setup.
    8. For Problem subtype, select Configure Virtual Network.
      IMPACTED SERVICE(S) AND REGION(S)
      Service Name Region
      Application Gateway Australia Central
      Australia Central 2
      Australia East
      Australia Southeast
      Brazil South
      Brazil Southeast
      Canada Central
      Canada East
      Central India
      Central US
      Central US EUAP
      East Asia
      East US
      East US 2
      East US 2 EUAP
      France Central
      France South
      Germany North
      Germany West Central
      Japan East
      Japan West
      Jio India Central
      Jio India West
      Korea Central
      Korea South
      North Central US
      North Europe
      Norway East
      Norway West
      Qatar Central
      South Africa North
      South Africa West
      South Central US
      South India
      Southeast Asia
      Sweden Central
      Sweden South
      Switzerland North
      Switzerland West
      UAE Central
      UAE North
      UK South
      UK West
      West Central US
      West Europe
      West India
      West US
      West US 2
      West US 3

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.