Storage Gen2 API in Postman
Hi , I am new to Azure Portal and would like to use the Azure Gen2 API to create the files on storage. I have been able to generate the access token in Postman - [https://login.microsoftonline.com/]()<tenant id>/oauth2/v2.0/token I now have access…
az ad group member list not returning results
In the version "azure-cli 2.40.0", the command "az ad group member list" returns an empty array even though the group has members, this used to work in the previous versions. For the same combination of group and member id the…
"Insufficient privileges to complete the operation" while using Graph API
The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…
Authorization failed when when writing a roleAssignment
I'm receiving the following error when trying to create a role assignment using terraform: Error: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error.…
Error when exectuing a powershell script aganist Azure
Hi, I've following the script, which gives me the output App name, Expires date, etc of App registration secrets that are expiring in 1 year. It is working fine for Azure Playgrounds, this playground is provided by Kodekloud. But when i execute the…
The request did not have a subscription or a valid tenant level resource provider.
When i trying to run command az ad sp create-for-rbac --role="Contributor" --scopes="/subscription/<<Subscription ID>>" I am getting error as (MissingSubscription) The request did not have a subscription or a valid tenant…
locked out of directory because i removed account from mfa on my phone
hi - i have 2 directories in my azure portal. i can log into one and i can see the other but cannot switch to it, because i removed that account from the authenticator app on my phone (i know, silly) and it is set up to require mfa. trouble is, there are…
Assigned "User Administrator" role to user, but user cannot reset a user password.
Hello! I've assigned the "User Administrator" role for a particular user we'd like to test. Role has been set to "active" in Privileged Access Management. Test user even gets the email that their access has been elevated in…
Get-AzWvdSessionHost gives error: Cannot bind argument to parameter 'SubscriptionId' because it is null.
Hi! I am getting an error, if I am tring to run the Get-AzWvdSessionHost command from a Powershell script. The error is: Cannot bind argument to parameter 'SubscriptionId' because it is null. If i am connecting in interactive mode, using…
Issue Capturing VM fortigate as an image
Hello i am trying to Capture an vm of fortigate as an image and it doesnt work does azure support capturing nva machines as an image? if no is there another way to save nva as an image ?
Missing Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor roles in Access Control (IAM)
I'm trying to assign roles to managed identity in Cosmos DB, through browser using Access Control (IAM). Unfortunately two build in roles Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor are not there. How can I add managed…
Azure Service Principal owner cannot reset credentials with az cli
Hello, as an Azure subscription admin I created a service principal and granted another user as Owner of the SP itself. This user is trying to reset SP credentials with command az ad sp credential reset --id <application id> but he gets the…
Azure Management Group - Cannot add subscription if Owner via Security Group
I'm building an Azure Management Group structure where I'm having issues with the add subscription option to a sub-management group where the option is grayed out when Owner role is assigned via and AAD Security group. So in short, does Azure Management…
correct way to give read permission to view multiple app services
Hi What would the correct way be to assign read permissions to all app services? I'm currently giving read access to the sub but that is more than is needed I also don't want to have to assign the permissions to each individual app service …
Azure RBAC and AKS not working as expected
Hello, I have create an AKS Cluster with AKS-managed Azure Active Directory and Role-based access control (RBAC) Enabled. If I try to connect with the Cluster by using one of the accounts which are included in the Admin Azure AD groups…
Azure PIM for global reader role - No resources to discover
Hi everyone, I'm currently testing Azure PIM to delegate read permissions to our Azure tenant. I've assigned with PIM the "Global reader" role for a test account, which has validated the access. The scope defined is…
Azure - Failed to delete public IP address The client 'XXX@XXXX.com' with object id XYZ does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/delete' over scope 'XYZ'
User is global administrator. Cannot delete resources in the tenancy. Any idea why? Failed to delete public IP address 'XYZ'. Error: The client 'Tech.XYZ@Anonymous .com' with object id 'XYZ' does not have authorization to perform action…
Error during POD deployment for configuring Workload identity
I follow this document, https://learn.microsoft.com/en-us/azure/aks/learn/tutorial-kubernetes-workload-identity#create-an-aks-cluster And seeing this error on running logs command for the pod kubectl logs pods/mypod I am learning this topic, not sure…
Difficulty creating a custom role with specific permissions
Hello, I am trying to create a custom role on the Azure portal that includes a number of permissions from the existing Auth Admin role. However, I cannot find certain permissions such as microsoft.directory/users/authenticationMethods/create,…
User don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action
Whenever a new user added to the directory tries to deploy custom azure templates, they get the following validation error - User don't have authorization to perform action 'Microsoft.Resources/deployments/validate/action Following roles are already…