Issue / Symptoms:
Error: "The management group cannot be found" when deploying Elements Identity Security for Entra ID with the /deploy.ps1 command.
Additional errors: "The deployment validation failed. Deployment WSecCD-azure_entra_id terminates with the unexpected state."
Resolution:
If you get this error, confirm that the Management groups service has been activated on the account. The subscription must be assigned to an Azure Management Group as per the prerequisites:
https://www.withsecure.com/userguides/product.html#business/identity/latest/en/concept_ZZE049AB11D047B38170C3382E438C9C-latest-en
Steps to activate management groups:
- In the Azure portal, search for Management groups in the search bar.
- A page showing the message "No management groups to display" should appear. Click Start using Management groups.
For more details, refer to the Azure Management Groups Documentation:
https://learn.microsoft.com/en-us/azure/governance/management-groups/create-management-group-portal
Now you can confirm whether the subscription is within a Management Group.
You should also make sure that you are using the correct tenant. You can change the tenant in PowerShell by running the command:
- Set-AzContext -TenantId <THE ID OF THE TENANT HERE>
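One way to check both points from PowerShell before rerunning the deployment, as an added example that is not WithSecure's own code. It assumes the Az.Accounts and Az.Resources modules, a session already signed in with Connect-AzAccount, and hypothetical script parameters -TenantId and -SubscriptionId:

```powershell
param(
    [Parameter(Mandatory)] [string] $TenantId,        # tenant you intend to deploy into
    [Parameter(Mandatory)] [string] $SubscriptionId   # subscription used for the deployment
)
$ErrorActionPreference = 'Stop'

# 1. Point the session at the intended tenant and subscription if it is not already.
$ctx = Get-AzContext
if (-not $ctx -or $ctx.Tenant.Id -ne $TenantId -or $ctx.Subscription.Id -ne $SubscriptionId) {
    $ctx = Set-AzContext -TenantId $TenantId -SubscriptionId $SubscriptionId
}
Write-Host "Context: tenant $($ctx.Tenant.Id), subscription $($ctx.Subscription.Id)"

# 2. List the management groups visible to the signed-in account.
try {
    $groups = @(Get-AzManagementGroup)
} catch {
    Write-Warning "Could not list management groups: $($_.Exception.Message)"
    return
}
if ($groups.Count -eq 0) {
    Write-Warning 'No management groups visible. Activate Management groups in the portal or check access.'
    return
}

# 3. Walk a group's expanded children recursively, looking for the subscription.
function Find-Subscription($Node, [string] $Id) {
    foreach ($child in @($Node.Children)) {
        if ($null -eq $child) { continue }
        # Subscription children carry an Id of the form /subscriptions/<guid>.
        if ($child.Id -like "*/subscriptions/$Id") { return $true }
        if (Find-Subscription $child $Id) { return $true }
    }
    return $false
}

$parents = foreach ($g in $groups) {
    # Group ID is passed positionally (named -GroupId in current Az.Resources).
    $tree = Get-AzManagementGroup $g.Name -Expand -Recurse
    if (Find-Subscription $tree $SubscriptionId) { $g.DisplayName }
}

if ($parents) {
    Write-Host "Subscription found under: $($parents -join ', ')"
} else {
    Write-Warning "Subscription $SubscriptionId is not under any visible management group."
}
```

A group is reported when the subscription sits directly in it or in one of its child groups, so the root group is listed alongside the immediate parent.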
If the deployment still fails, try:
- Disabling and then re-enabling "Access management for Azure resources."
- Executing the "New-AzRoleAssignment" command as outlined in the following guide:
https://www.withsecure.com/userguides/product.html#business/identity/latest/en/task_ZZ630316DD9A4806989F118FA70F7F0D-latest-en