Link Audit logs to Groups or Role or Privilege
I am wondering how can I link the audit logs from Azure AD to Role, Group or Privilege? The logs just have the action and the category. Is there a way by which I can understand using what Role or Group privilege this action was taken?
Teams calls going to Voicemail after elevating and deactivating access in PIM
When users elevate or deactivate access, their calls go straight to voicemail. The only way to fix the issue is to quit Teams and reload.
Required help on correcting the Bicep template for assigning the role assignment at resource level scope
Hi, we are in the process of generating several public IPs using the provided Bicep template. Our goal is to allocate role assignments to all these IPs within the scope of the resource level. However, we are encountering numerous challenges in…
azure.core.exceptions.ResourceNotFoundError: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.
Azure Support Team, Requirement: To create a custom RBAC role using Python(3.12) Code is pasted below: On executing the code getting the following error azure.core.exceptions.ResourceNotFoundError: (MissingSubscription) The request did not have a…
Azure Kubernetes ingress can't access Key Vault's certificate
Okay, I have Azure Kubernetes Service with a running dockerized app, with ingress (I used creating ingress (preview)). Everything works fine except the certificate. I created a key vault and uploaded a certificate inside it to use for the domain. I have "Azure…
I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users.
I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users. I have assigned myself different admin roles that I can get but still, I can't do such assigning Azure Virtual Desktops to our users. Please help. Thanks.
Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
I need to assign a policy to the tenant root management group from a new user account.
What is the role needed for the user? How to do it?
Azure B2C Sign In & Sign Up custom field still showing asterisk on non-mandatory field
Hi, we're using Azure B2C and specifically the Sign In & Sign Up user flow with our own Sign up template. I have added a custom field - 'Mobile Number' and we had previously set it to be mandatory. This rightly shows an asterisk next to the label to inform…
If a user wants to assign a policy to the tenant root management group, what role can do this?
Global administrator role? Owner role of the subscription?
Is it possible to receive notification emails when PIM (Privileged Identity Management) assignments are removed?
Hi all, As a global administrator I'm receiving email notifications when users are assigned any PIM Entra roles. However, when those user roles are removed by other administrators I'm not receiving any notifications. Is there any configuration I…
AuthorizationPermissionMismatch error when accessing blob file with indirect permission in RBAC
Hi, I'm using BlobContainerClient for accessing blobs from code (C#) private async Task<BlobClient> GetBlobClientAsync(string blobName, string container, CancellationToken cancellationToken) { var containerClient = await…
Discussion around different ways to implement PIM for Azure resources
I've found there are two ways to use PIM to grant access to Azure resources and I'd like to understand the differences, if any, between the two. The outcome is the same however the process/workflow to achieve it is different. Method 1 Create an Entra ID…
Elevated Access for Azure AD Users
Hey guys, I'm managing 100 Azure AD users who utilize corporate-owned laptops for signing in and performing tasks. All these users are configured as standard users. Therefore, when the IT team runs an application with elevated access or doing…
Azure Key Vault RBAC permissions required for APIM to retrieve a cert?
Hi, I have an Azure API manager setup and want to add a custom domain. We have deployed Azure Key Vault and uploaded a certificate. We have deployed Key Vault with the recommended "role-based access control". We have given the APIM managed…
Assign RBAC "Key Vault Administrator" role to Azure App via C# (.NET SDK)
I use the below C# code to create a KeyVault with the RBAC permission model. using KeyVaultModels = Microsoft.Azure.Management.KeyVault.Models; KeyVaultModels.VaultProperties vaultProperties = new KeyVaultModels.VaultProperties() { EnableRbacAuthorization = true, …
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
To add a backend pool and health probe to loadbalancer, which role is needed?
Network contributor on loadbalancer level? Network contributor on the resource group level?
How to fix - MsalClaimsChallengeException: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
Working on an Azure web app and it was working fine; suddenly I am getting the below error: MsalClaimsChallengeException: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. The same app is…