What pre-built role to read the Microsoft Defender for Endpoint and vulnerabilities
what pre-built role (in intune or Entra ID) can be assigned to read the Microsoft Defender for Endpoint and vulnerabilities, Global Reader and Security Reader can only Read Defender for Identity or Defender for cloud but for some reason can't access to…
How would I create a role to be Synapse Admin but block particular pipeline and linked services
We a introducing a new source of data into Synapse which is highly sensitive. However currently my team have admin on Synapse and dedicated SQL pool. How can I allow them to keep some of the admin access but not allow them to see the pipelines and linked…
I have subscription , in the subscription there are so many users with contributor access , i want to give access to see the state file to only one spn user how can we do that?
i have azure subsciption , i have contributor role for multiple users in the subscription leval , i have one storage account , in the storage account one state file is there, it only visisble for one particular spn user other then all the contributor…
I want to limit acccess for some staff to our static IP addresses
We promote not taking work home. We have set up static IP addresses for some of out locations and we want to limit some of our staff to only be able to access MS applications from those locations. I do have a P2 license and I am a global admin.
Need Help with Multi-Tenant Azure Access Management
Hi, I'm seeking advice on managing Azure access across multiple external organizations. We manage Azure for Org A and create accounts for Orgs B and C but don't manage their Azure environments. Azure B2B isn’t an option for us. Challenges: Multiple…
Deleting duplicate owner in role assignment leads to lost of Access to Azure Subscription
Hello, Not long ago, I tried assigning roles to my coworkers. When all thing's done, I saw that there are 4 duplicates of my account in the owner role, so i tried deleting 2 of those role. After that azure portal won't let me in with message saying I'm…
User with Website Contributor role is able to add tags
Hi all, I've noticed that the user with "Website Contributor" role is able to add tags to the app service, even if in the documentation this role is missing Microsoft.Resources/tags/write permissions. How this behaviour can be explained?
Account is requesting MFA without being active in the policy.
Good afternoon, There is a user in Azure who does not have an MFA policy, but even so, it asks at login to register a phone number and at login it asks for a second factor that if registered, the phone number would be SMS. Could you give me an idea of…
How to get assigned RBAC roles in a resource group which has only apps and managed identities as owners and administrators?
I want myself to have Managed Identity Contributor role in an azure resource, but I cant find the admin or owner. Only managed identities and apps are listed as owners and administrators. Whom to ask for role assignment?
Azure Policy Tag add tag if missing
I set a new policy for existing resources to add required tag if missing. scenario1: Resource1 have the following tags and value Tag name = Project Value = ProjSSO Tag name = Purpose Value = app login however if the the policy trigger I received an…
Microsoft.Authorization/roleAssignments DevOps CI / ARM Template Issue
Hi, I've been using DevOps and ARM templates for a long time. Until now, I have not had to use the Microsoft.Authorization/roleAssignments resource provider under a storageAccount/tableService/tables scope before. I have managed to add some Storage Table…
"Insufficient privileges to complete the operation" while using Graph API
The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…
How would I go about setting up CA for our environment, so that MFA isn't required?
So I have been made aware that MS is forcing MFA on their tenants. Now I am still inexperienced when it comes to MS Cloud, Azure and Entra. Now we have a few different tenants and an on-prem environment. Now while we are getting our users on it we will…
How to delegate permissions to Service desk team for managing MFA in Azure Active Directory
How to delegate permissions to Service desk team for managing MFA in Azure Active Directory. just MFA reset (revoke and re-register) rights. please suggest
Adding a group of users to a group with AKS permissions ate resource group level fails to provide necessary permissions
If I correctly understand Azure then there are 3 scopes at which resource permissions can be applied: Subscription Resource Group Resource I have an AKS cluster, a group "AKS-Admins" (with all roles required to access the cluster applied…
Azure permissions for MS Authenticator registration campaign
I am trying to access the registration campaign under Security > Authentication Methods in Azure, but I keep getting a 403 error saying I do not have permission. My manager gave me article1 and article2 to figure out which "blade" I need…
same domain access
how do I provide access to multiple users with same domain
File level authentication with MSAL via web browser
Legacy app currently using secure Basic Authentication to establish file level access permission. How is file level access permission established using MSAL?
Can you please provide a list of users or groups who currently have the Owner role or a higher-level administrative role (such as Global Administrator) for the Azure subscription?
In the process of enabling PIM, added a group for the owner role in the subscription and removed all individual direct users. But that role was mistakenly added with a condition excluding the access to add new owner role assignments. Now, we are unable…