Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
694 questions
6 answers
One of the answers was accepted by the question author.
Authorization failed when when writing a roleAssignment
I'm receiving the following error when trying to create a role assignment using terraform: Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error.…
asked 2021-02-24T21:50:28.377+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 79%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Andrew
26
Reputation points
answered 2024-02-28T05:08:45.4233333+00:00
Mahmoud A. ATALLAH
201
Reputation points MVP
5 answers
One of the answers was accepted by the question author.
Get-AzWvdSessionHost gives error: Cannot bind argument to parameter 'SubscriptionId' because it is null.
Hi! I am getting an error, if I am tring to run the Get-AzWvdSessionHost command from a Powershell script. The error is: Cannot bind argument to parameter 'SubscriptionId' because it is null. If i am connecting in interactive mode, using…
asked 2022-10-17T10:41:47.85+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 86%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
petersonal
86
Reputation points
commented 2022-10-24T16:21:39.203+00:00
Olga Os - MSFT
5,836
Reputation points Microsoft Employee
5 answers
One of the answers was accepted by the question author.
Issue Capturing VM fortigate as an image
Hello i am trying to Capture an vm of fortigate as an image and it doesnt work does azure support capturing nva machines as an image? if no is there another way to save nva as an image ?
asked 2022-09-15T08:15:26.69+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
Slava Shishkin
21
Reputation points
answered 2022-09-15T13:28:37.42+00:00
Martin Dimovski
1,596
Reputation points MVP
4 answers
One of the answers was accepted by the question author.
Azure Service Principal owner cannot reset credentials with az cli
Hello, as an Azure subscription admin I created a service principal and granted another user as Owner of the SP itself. This user is trying to reset SP credentials with command az ad sp credential reset --id <application id> but he gets the…
asked 2023-07-05T16:43:30.74+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 12%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Repetti Pierangelo
20
Reputation points
accepted 2023-09-29T09:45:04.19+00:00
Repetti Pierangelo
20
Reputation points
4 answers
One of the answers was accepted by the question author.
Azure Management Group - Cannot add subscription if Owner via Security Group
I'm building an Azure Management Group structure where I'm having issues with the add subscription option to a sub-management group where the option is grayed out when Owner role is assigned via and AAD Security group. So in short, does Azure Management…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 33%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
4 answers
One of the answers was accepted by the question author.
Azure RBAC and AKS not working as expected
Hello, I have create an AKS Cluster with AKS-managed Azure Active Directory and Role-based access control (RBAC) Enabled. If I try to connect with the Cluster by using one of the accounts which are included in the Admin Azure AD groups…
asked 2021-10-19T07:00:23.883+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(121.6, 22%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Mile Mitsev
21
Reputation points
answered 2021-10-22T12:41:31.113+00:00
Mile Mitsev
21
Reputation points
4 answers
One of the answers was accepted by the question author.
Azure PIM for global reader role - No resources to discover
Hi everyone, I'm currently testing Azure PIM to delegate read permissions to our Azure tenant. I've assigned with PIM the "Global reader" role for a test account, which has validated the access. The scope defined is…
asked 2021-08-18T15:08:00.467+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 33%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAR%3C/text%3E%3C/svg%3E)
Arnaud Rigole
131
Reputation points
accepted 2021-08-30T15:22:45.977+00:00
Arnaud Rigole
131
Reputation points
4 answers
One of the answers was accepted by the question author.
Azure - Failed to delete public IP address The client 'XXX@XXXX.com' with object id XYZ does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/delete' over scope 'XYZ'
User is global administrator. Cannot delete resources in the tenancy. Any idea why? Failed to delete public IP address 'XYZ'. Error: The client 'Tech.XYZ@Anonymous .com' with object id 'XYZ' does not have authorization to perform action…
asked 2020-06-09T17:59:58.413+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 85%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETS%3C/text%3E%3C/svg%3E)
Tech Support
96
Reputation points
answered 2020-06-09T18:54:21.817+00:00
Manu Philip
17,021
Reputation points MVP
3 answers
One of the answers was accepted by the question author.
How to get assigned RBAC roles in a resource group which has only apps and managed identities as owners and administrators?
I want myself to have Managed Identity Contributor role in an azure resource, but I cant find the admin or owner. Only managed identities and apps are listed as owners and administrators. Whom to ask for role assignment?
asked 2024-06-04T09:13:11.47+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 52%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAA%3C/text%3E%3C/svg%3E)
Aniruddha Acharya Kadlabalkoti
20
Reputation points Microsoft Employee
accepted 2024-06-11T08:07:07.8266667+00:00
Aniruddha Acharya Kadlabalkoti
20
Reputation points Microsoft Employee
3 answers
One of the answers was accepted by the question author.
Azure Subscription showing Owner role identity not found.
Hello, I am facing a strange issue. When I am checking my Azure Subscription, Access control (IAM) - The owner role is showing - Identity not found, Unable to find identity. Here is the screenshot. Can you help? Thanks, Anuraj
asked 2024-03-15T13:22:21.61+00:00
Anuraj
166
Reputation points MVP
commented 2024-03-28T08:08:47.8666667+00:00
Stanislav Zhelyazkov
21,681
Reputation points MVP
3 answers
One of the answers was accepted by the question author.
How to grant end user Reader access to Entra Permission Management Portal
I want to test Entra Prmission Management. I enabled 30-days Free trial. As I am Global Admin, I can launch the portal and can see Discovery and Remediation. But I want to grant access to my team who can login to Entra Permission Management Portal and…
asked 2024-01-20T15:46:34.8+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 35%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Neel Darji
86
Reputation points
commented 2024-01-29T19:47:39.3566667+00:00
Neel Darji
86
Reputation points
3 answers
One of the answers was accepted by the question author.
From Azure AD Registered To Azure AD Joined
My organization has 500+ Azure AD registered devices(Remote Too). Now we want to mange these devices with Intune and want to convert these devices from Azure AD registered to Azure AD joined. What is the best way to do the same?
asked 2021-06-16T05:23:57.377+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
SUNIL KUMAR
31
Reputation points
commented 2023-09-22T13:12:37.8533333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 41%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEN%3C/text%3E%3C/svg%3E)
Ezequiel Negron
0
Reputation points
3 answers
One of the answers was accepted by the question author.
RBAC - Which Role type would give admins to create email alias in "Microsoft 365" group?
Which Role type would give admins to create email alias in "Microsoft 365" group? I have tried exchange admin and group admin but still no luck for Microsoft 365 groups?
asked 2023-08-02T13:59:20.5733333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 71%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Muhammad Rahman
20
Reputation points
accepted 2023-08-09T19:55:50.3866667+00:00
Muhammad Rahman
20
Reputation points
3 answers
One of the answers was accepted by the question author.
Azure Subscription: The client 'live.com#' with object id '' does not have authorization to perform action
When I try to open my azure subscription I get the following Info: The client 'live.com#' with object id '' does not have authorization to perform action
asked 2023-03-27T17:16:25.9166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 74%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EIW%3C/text%3E%3C/svg%3E)
Isaac Wertheimer
20
Reputation points
accepted 2023-04-03T18:26:01.8433333+00:00
Isaac Wertheimer
20
Reputation points
3 answers
One of the answers was accepted by the question author.
How to access virtual machines on my network
My place have added me to the work network on Azure however when i login it says i don't have a subscription, so i can't see any of the virtual machines or anything like that, all i can see is the Azure active directory and manage the users in there. I…
asked 2023-02-28T16:17:08.93+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 91%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Liam Rushmer
20
Reputation points
commented 2023-02-28T17:57:19.3066667+00:00
TP
80,981
Reputation points
3 answers
One of the answers was accepted by the question author.
Azure VM & AAD of another tenancy
One of my C-Suite has asked/instructed for something to be done which I'm not sure is possible and I'm looking for some confirmation. VM-1 is in Tenancy Alpha, with AAD alpha.com C-Suite wants VM-1 to remain in Tenancy Alpha but be connected to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 67%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERB%3C/text%3E%3C/svg%3E)
3 answers
One of the answers was accepted by the question author.
Azure deny access role
Hi.. How i can prevent some user to access some resource in azure? Example i want to block some user from accessing cost management dashboard..
asked 2023-01-19T06:15:26.39+00:00
Handian Sudianto
4,286
Reputation points
accepted 2023-01-31T01:54:48.2966667+00:00
Handian Sudianto
4,286
Reputation points
3 answers
One of the answers was accepted by the question author.
Change Azure AD Role Settings using Powershell
Hi I have been asked by a client to change all the role settings for their PIM requirements. I have been looking at this for a while trying to figure out whether this can be updated in bulk using PowerShell but I have not found anything as yet. …
asked 2022-11-11T07:28:02.64+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDK%3C/text%3E%3C/svg%3E)
Dhillan Kalyan
56
Reputation points
answered 2022-11-17T07:33:16.693+00:00
Dhillan Kalyan
56
Reputation points
3 answers
One of the answers was accepted by the question author.
Unable to assign group to configuration profile policy create in Microsoft Endpoint Manager
Hello, I can create Configuration profile but unable to include group of a test device group. I was able to include the group during the creation, but after review+save, the configuration profile was successfully created but after I check back in the…
asked 2022-10-25T09:29:59.433+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 94%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAJ%3C/text%3E%3C/svg%3E)
Ainul Jasni
41
Reputation points
accepted 2022-11-07T03:41:48.97+00:00
Ainul Jasni
41
Reputation points
3 answers
One of the answers was accepted by the question author.
If a user is granted reader role on subscription level, but I want to remove his readre role for a particular resource group under this subscription
if a user is granted owner role on subscription level, but I want to remove his owner role for a particular resource group under this subscription. I understand this can be achieved by deny assignment. Therefore wants to know how to create blueprint for…
asked 2022-05-25T09:05:16.68+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 17%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Neha
101
Reputation points
answered 2022-08-08T17:15:11.32+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(265.6, 94%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELE%3C/text%3E%3C/svg%3E)
Lucas Edson
21
Reputation points