Enrollment fails and the stack rolls back. The resulting logs contain keywords such as the following:

enroll failed

Enrollment failed; rolling back stack

The table specified does not exist.

WARNING: 
There are no credentials provided in your command and environment, we will query for account key for your storage account.
It is recommended to provide --connection-string, --account-key or --sas-token in your command as credentials.
You also can add `--auth-mode login` in your command to use Azure Active Directory (Azure AD) for authorization if your login account is assigned required RBAC roles.
For more information about RBAC roles in storage, visit https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli.

Multiple possible causes:

- network communications cannot reach Symantec public servers, or

- overly tight permissions on RBAC roles

To test network access to Symantec public servers

within the VM, type: 

curl -kv http://liveupdate.symantec.com
curl -kv https://usea1.r3.securitycloud.symantec.com
curl -kv https://scwp.securitycloud.symantec.com
curl -kv https://spoc-pool-gtm.norton.com
curl -kv https://us.spoc.securitycloud.symantec.com:443

If any of these tests show failures to resolve hostname or failures to connect, check configuration of network for the related Azure or AWS environment.

If the network permits access to these public Symantec servers, then examine RBAC starting with the Microsoft KB https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad-rbac-cli