Skip to content

Commit

Permalink
Updated images
Browse files Browse the repository at this point in the history
  • Loading branch information
@SINIKI
SINIKI committed May 12, 2021
1 parent 9f3326d commit 0d1a04c
Show file tree
Hide file tree
Showing 5 changed files with 12 additions and 2 deletions.
14 changes: 12 additions & 2 deletions 01-Setup and Getting started/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -551,7 +551,7 @@ After ATS_4_WorkItemScheduler completes pushing the messages in the queue, WorkI

1. Signed in user must have one of the following permission at subscription or resource group scope: Owner, Contributor, ServiceAdministrator, CoAdministrator, AccountAdministrator, Security Reader, Security Admin.

2. Subscription scan should have completed for the day. Automated AzTS scans are configured to start at approximately 1:00 AM UTC. Therefore, you can use the [On-Demand scan](README.md#2-manually-trigger-azts-on-demand-scan-for-entire-tenant) command to trigger the scan immediately after the installation.
2. Subscription scan should have completed for the day. Automated AzTS scans are configured to start at approximately 1:00 AM UTC. You can use the [On-Demand scan](README.md#2-manually-trigger-azts-on-demand-scan-for-entire-tenant) command to trigger the scan immediately after the installation.

**Steps to load AzTS UI:**

Expand Down Expand Up @@ -653,4 +653,14 @@ AzSK_ControlResults_CL

You can use the on-demand scan command provided [here](README.md#2-manually-trigger-azts-on-demand-scan-for-entire-tenant) with `-ForceFetch` flag.


<br>

#### **On running AzTS installation command (`Install-AzSKTenantSecuritySolution`) I am getting an error message *"Tenant ID, application ID, principal ID, and scope are not allowed to be updated."***

This is probably happening because the user-assigned managed identity (internal MI) has been deleted from Azure Portal, but the role assignment of this MI is still present at resource group scope in which AzTS setup has been installed. The role assignment of a deleted identity looks like below,

![FAQ_GhostIdentity](../Images/12_TSS_FAQ_RBACGhostAccount.png)

To remove role assignment, go to resource group where AzTS solution has been installed --> Access control (IAM) --> Role assignments --> Look for deleted identity (as shown in screenshot below) --> Select the identity and click on 'Remove'.

After deleting the identity, you can run the installation command again.
Binary file added Images/12_TSS_CentralScanMIGraphAccessView.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified Images/12_TSS_CommandOutput.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added Images/12_TSS_FAQ_RBACGhostAccount.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified Images/13_TSS_UIUrlPrintMessageInPSOutput.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.

0 comments on commit 0d1a04c

Please sign in to comment.