Traffic Analytics requires the following prerequisites: A Network Watcher enabled subscription. Network Security Group (NSG) flow logs enabled for the NSGs you want to monitor. An Azure Storage account, to store raw flow logs. An Azure Log Analytics workspace, with read and write access. Your account must meet one of the following to enable traffic analytics: Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor.

Correct Answer: A - Yes Your account must have any one of the following Azure roles at the subscription scope: owner, contributor, reader, or network contributor. Reader role - View all resources, but does not allow you to make any changes. Traffic Analytics is a cloud-based solution that provides visibility into user and application activity in cloud networks. Traffic analytics analyzes Network Watcher network security group (NSG) flow logs to provide insights into traffic flow in your Azure cloud. Reference: https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics-faq https://docs.microsoft.com/en-us/azure/network-watcher/traffic-analytics#user-access-requirements https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles

Correct Answer - No (Confirmed, check below documentation) If you enable Traffic Analytics for sure, it require some write access to capture and write the logs. We need to be Logical. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics Prerequisites Traffic analytics requires the following prerequisites: A Network Watcher enabled subscription. For more information, see Enable or disable Azure Network Watcher. NSG flow logs enabled for the network security groups you want to monitor or VNet flow logs enabled for the virtual network you want to monitor. For more information, see Create a flow log or Enable VNet flow logs. An Azure Log Analytics workspace with read and write access. For more information, see Create a Log Analytics workspace. One of the following Azure built-in roles needs to be assigned to your account: Expand table Deployment model Role Resource Manager Owner Contributor Network contributor 1 and Monitoring contributor 2

It seems reader role cannot enable traffic analytics. It can view it.

Answer is B, NO. supporting : https://learn.microsoft.com/en-us/answers/questions/1330227/what-role-is-required-to-be-enabled-at-subscriptio

Owner Contributor Network contributor 1 and Monitoring contributor 2

The answer is B https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics

According to current documentation B is correct. https://learn.microsoft.com/en-us/azure/network-watcher/required-rbac-permissions#traffic-analytic: "Since traffic analytics is enabled as part of the Flow log resource, the following permissions are required in addition to all the required permissions for Flow logs". I believe that the permission "Microsoft.Network/networkWatchers/configureFlowLog/action" is not part of the Reader role. Also, "Microsoft.OperationalInsights/workspaces/sharedkeys/action" is not in the Reader role.

No as explained here: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics

Answer should be B (No). Check out the prerequisite for traffic analytics. Reader role is not there. https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites

No is right

From ChatGPT: No, this solution does not meet the goal. The Reader role at the subscription level in Azure AD allows you to view all resources, but it does not permit write operations, which are required to enable Traffic Analytics1. To enable Traffic Analytics for an Azure subscription, the user needs to have one of the following roles assigned at the subscription level1: Owner Contributor Network Contributor These roles allow the necessary write operations. If none of these roles are suitable, a custom role can be created with the specific permissions needed to enable Traffic Analytics1. Please note that assigning the Reader role will not be sufficient to enable Traffic Analytics1

No, assigning the Reader role at the subscription level to Admin1 does not meet the goal of enabling Traffic Analytics for the Azure subscription. The Reader role only grants read-only access to Azure resources, meaning Admin1 would not have the necessary permissions to enable Traffic Analytics or perform any management actions on the subscription.

Answer is NO. As per latest these are the roles needed to be assigned: "Owner" or "Contributor" or "Network Contributor and Monitoring Contributor" Source: https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites

answer is no

Answer is No, reader role does not apply: One of the following Azure built-in roles needs to be assigned to your account: * Owner * Contributor * Network contributor and Monitoring contributor Reference https://learn.microsoft.com/en-us/azure/network-watcher/traffic-analytics#prerequisites

Answer is yes, To enable Traffic Analytics for an Azure subscription, your account must have one of the following Azure roles assigned at the subscription scope: Owner Contributor Reader Network Contributor