Update - Microsoft.Management missing from Subscription during Initialize (#871)

* Adding additional information for Azure Resource Provider prereq

* adding Management groups not showing up in repo to faq

* Correcting spelling mistake

* Adding a string match for insufficient permissions

* Adding error message for insufficient permissions

* Update

* Update Prerequisites.md

Changing from "Registered" to "Register".

---------

Co-authored-by: sebastian claesson <sebastian.claesson@fora.se>
Co-authored-by: Jesper Fajers <jesper@fajers.se>
This commit is contained in:
Sebastian Claesson 2024-04-03 12:41:11 +02:00 committed by GitHub
Parent f3b5da739f
Commit 02c19f0dfa
No known key found for this signature
GPG key ID: B5690EEEBB952194
4 changed files: 17 additions and 2 deletions

@ -7,6 +7,7 @@ This article answers frequently asked questions relating to AzOps.
- [AzOps FAQ](#azops-faq)
- [In this Section](#in-this-section)
- [Subscriptions or resources not showing up in repository](#subscriptions-or-resources-not-showing-up-in-repository)
- [Management groups not showing up in repository](#management-groups-not-showing-up-in-repository)
- [Push fail with deployment already exists in location error](#push-fail-with-deployment-already-exists-in-location-error)
- [Does AzOps use temporary files](#does-azops-use-temporary-files)
- [Pull fail with active pull request already exists error](#pull-fail-with-active-pull-request-already-exists-error)
@ -39,6 +40,18 @@ Remove the invalid resource or character and retry the operation.
A common example of invalid characters preventing successful operations in AzOps is with [Visual Studio Enterprise](https://azure.microsoft.com/en-us/pricing/offers/ms-azr-0063p/) based subscriptions. The default resource name of said subscriptions contains the "`–`" [EN DASH](https://www.cogsci.ed.ac.uk/~richard/utf-8.cgi?input=2013&mode=hex) character. Example: `visual studio enterprise subscription – mpn`.
## Management groups not showing up in repository
If the [Microsoft.Management](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-services-resource-providers#management-resource-providers) resource provider is not registered in the subscription where AzOps is initialized, AzOps is unable to list and create the folder structure for the management group hierarchy.
To confirm if this applies to you, check the pipeline logs for the following message:
```powershell
[Initialize-AzOpsEnvironment] No management group access
```
Resolve this by registering the `Microsoft.Management` [resource provider](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) in the Azure Subscription or assign AzOps the permissions to perform the ```/register/action``` operation for the resource provider.
## Push fail with deployment already exists in location error
If you have changed `"Core.DefaultDeploymentRegion":` from the default `northeurope` post initial setup, subsequent Push/Deployments might fail with an error as below:
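
Review bot: The new "Management groups not showing up in repository" section treats the `No management group access` log line as confirmation that `Microsoft.Management` is unregistered, but the catch block changed in this same commit writes that message for any failure of `Get-AzManagementGroup`, which per the commit message includes insufficient permissions. Suggest telling readers to check the `failed with:` detail that this commit adds to the message before registering the provider, and updating the log sample to the new message format. Two smaller points: the operation is written as `/register/action` in triple backticks, where single backticks and the full name `Microsoft.Management/register/action` would match the rest of the page and be unambiguous; and the log sample is fenced as `powershell` although it is log output.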

@ -17,6 +17,8 @@ AzOps pipelines can use either a Service Principal, or a Managed Identity if run
- Assign Azure `Owner` role at the required scope to the Service Principal/Managed Identity
- Add Service Principal/Managed Identity to Azure AD `Directory Readers` role
> Note: Discovering Management groups requires the registration of the Azure resource provider `Microsoft.Management` in the Azure Subscription where AzOps is initialized. AzOps will attempt to [register](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider) `Microsoft.Management` if it's not already registered. If AzOps encounters any issues during this process, kindly ensure to manually register the resource provider.
The Azure Active Directory [Directory Readers](https://learn.microsoft.com/azure/active-directory/roles/permissions-reference#directory-readers) role is required to discover Azure 'roleAssignments'. These permissions are used to enrich data around the role assignments with additional Azure AD context such as `ObjectType` and Azure AD object `DisplayName`.
> Theses steps require PowerShell 7 and _Az.Accounts_, _Az.Resources_, _Microsoft.Graph.Applications_ and _Microsoft.Graph.Identity.DirectoryManagement_ modules, they will be installed.
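
Review bot: The added note says AzOps will attempt to register `Microsoft.Management` but not what that attempt needs. Name the `/register/action` permission on the subscription here, as the FAQ entry does, so operators who scope the identity narrowly know why the automatic registration can fail and which log message to look for. The closing sentence ("kindly ensure to manually register the resource provider") would read more plainly as "register the resource provider manually".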

@ -119,7 +119,7 @@
$managementGroups = Get-AzManagementGroup -ErrorAction Stop
}
catch {
Write-AzOpsMessage -LogLevel Warning -LogString 'Initialize-AzOpsEnvironment.ManagementGroup.NoManagementGroupAccess'
Write-AzOpsMessage -LogLevel Warning -LogString 'Initialize-AzOpsEnvironment.ManagementGroup.NoManagementGroupAccess' -LogStringValues $_
return
}
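
Review bot: `-LogStringValues $_` in the catch block passes the whole error record into the `{0}` placeholder, so the logged text is whatever that record stringifies to. Passing `$_.Exception.Message` would make the logged content explicit, and since it is written at Warning level it is worth confirming the error text carries nothing you would not want in pipeline logs. The catch still returns for every exception type; if the intent stated in the commit message is to recognise insufficient permissions specifically, that check is not visible in this hunk.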

@ -157,7 +157,7 @@
'Initialize-AzOpsEnvironment.ManagementGroup.NoRootPermissions' = 'Principal {0} does not have permissions under / in tenant, enabling partial discovery' # $currentAzContext.Account.Id
'Initialize-AzOpsEnvironment.ManagementGroup.PartialDiscovery' = 'Executing partial discovery' #
'Initialize-AzOpsEnvironment.ManagementGroup.Resolution' = 'Resolving {0} management groups' # $managementGroups.Count
'Initialize-AzOpsEnvironment.ManagementGroup.NoManagementGroupAccess' = 'No management group access, discovery will happen from subscription scope(s)'
'Initialize-AzOpsEnvironment.ManagementGroup.NoManagementGroupAccess' = 'No management group access, failed with: {0}, discovery will happen from subscription scope(s)' # $_
'Initialize-AzOpsEnvironment.Processing' = 'Processing AzOps environment' #
'Initialize-AzOpsEnvironment.Processing.Completed' = 'AzOps environment initialization concluded' #
'Initialize-AzOpsEnvironment.ThrottleLimit.Adjustment' = 'Adjusting AzOps.Core.ThrottleLimit from {0} to 5 due to available CPU Cores ({1}) to ensure reliable and performant pipeline execution. For further details, refer to: https://github.com/azure/azops/wiki/performance-considerations' # $throttleLimit, $cpuCores
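
Review bot: In the `NoManagementGroupAccess` string the `{0}` placeholder sits mid-sentence ("failed with: {0}, discovery will happen from subscription scope(s)"), so a long or multi-line error message splits the sentence and pushes the fallback notice out of view. Consider moving the error text to the end, for example 'No management group access, discovery will happen from subscription scope(s). Failed with: {0}', which keeps the "No management group access" prefix that the FAQ tells users to search for.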