This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 80%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hi all,
I am taking the Microsoft Azure Fundamentals Online Course on Microsoft Learn.
While I worked on Exercise to Create an Azure Virtual Machine in "Describe Azure Compute and Networking Services", I kept receive errors.
I had followed through the instructions, activated the Azure Sandbox, copy and paste the command:
az vm create \ --resource-group "learn-8cca6b48-7960-4a20-b1a0-1d5023ac4df1" \ --name my-vm \ --public-ip-sku Standard \ --image Ubuntu2204 \ --admin-username azureuser \ --generate-ssh-keys
I received error message:
(AuthorizationFailed) The client 'live.com#XXXXXX@XXXXXX.com' with object id '68bc96a4-7328-4aef-bbfa-96fea79304ee' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/f26515d9-3bc6-4a50-8192-cb816a833f54/resourcegroups/learn-8cca6b48-7960-4a20-b1a0-1d5023ac4df1' or the scope is invalid. If access was recently granted, please refresh your credentials.
Code: AuthorizationFailed
Message: The client 'live.com#XXXXXX@XXXXXX.com' with object id '68bc96a4-7328-4aef-bbfa-96fea79304ee' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/f26515d9-3bc6-4a50-8192-cb816a833f54/resourcegroups/learn-8cca6b48-7960-4a20-b1a0-1d5023ac4df1' or the scope is invalid. If access was recently granted, please refresh your credentials.
** I had masked the email address in the error message **
I attached the capture for reference as well.
Then I search on internet and Q&A, some others had posted the similar problem they had faced. I had tried all suggested solutions, including jumping to Unit 9 of 14 to allow creating the "learn-xxxxx", I can see from portal.azure.com that "learn-xxxx" is created. But the error still exist.
And next I tried to follow the posts which one of the post was suggested by Microsoft Vendor, to follow some steps, including:
I also tried:
but NO LUCK and still receive ERROR messages.
Another funny thing is that, I found 2 "Concierge Subscription" always stay in the Subscriptions, which they did not dismiss along with Sandbox previously did the exercises.
And there is no way to remove it.
Altogether, it comes up I cannot follow the instructions to complete the exercises. and my Azure account got 2 subscriptions in the sandbox directory.
Can anyone share if you may have the same problems and is there anyways can resolve it? so I can continue to do the exercises?
Hope any one of you who knows this and can share info, please share and help me to resolve.
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 86%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi js231,
Thank you for reaching out to us on the Microsoft Q&A forum.
We understand you are experiencing issues creating a VM in the sandbox while working through the module "Describe Azure compute and networking services."
Here are the troubleshooting steps to resolve the issue:
Please note that modifying permissions in the Microsoft Learn sandbox is restricted to prevent unintended consequences. The Concierge Subscription is automatically created for sandbox environments to provide necessary resources, and we do not have permission to delete or modify it due to these inherent restrictions.
Also, in a sandbox environment, the access control configurations are pre-set and typically cannot be modified by the user.
If you continue to face issues, please let us know in the comments. We are here to help.
If you find this information helpful, please acknowledge by clicking the "Upvote" and "Accept Answer" buttons on the post.
Hi js231,
Thank you for reaching out to us on the Q&A forum.
Based on my understanding of the issue, you're practicing the following Learning Path exercise:
Section: Describe Azure architecture and services
Module: Describe Azure compute and networking Azure
Unit 3: Exercise - Create an Azure Virtual Machine
Unit 9: Exercise -configure network access.
Please correct me if you are referring to a different exercise.
Was the sandbox still active when you copy/pasted the above command into the cloud shell?
It is intended for you to activate a new sandbox and complete all of the tasks in Unit 3 (earlier exercise) and Unit 9 (exercise you are referring to) in less than 1 hour. The sandbox expires after an hour and all the resources are deleted automatically.
If you scroll back up to the top of the exercise you can see the remaining time before the sandbox expires.
Please go back to Unit 3 Exercise, activate a new sandbox, perform all of the tasks, jump to Unit 9 Exercise, perform all of the tasks, and then reply back with your results.
We have tried multiple times to reproduce the issue, but we haven't faced any error.
If the issue continues to persist, please do not hesitate to reach out to us.
If you find this information helpful, please acknowledge by clicking the "Upvote" and "Accept Answer" button so that it is useful for other members in the Microsoft Q&A community.
Hi js231,
Just checking in to see if you had got a chance to see the previous comment. To benefit the community, find the right answers, please do mark the post which was helpful by clicking on Accept Answer. if you are still facing the issue, please don't hesitate to reach out to us. We are happy to help you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E8%3C/text%3E%3C/svg%3E)
Thailand[IMG_1611.png](/api/attachments/0cd50010-44f3-4226-acaf-2ca9bba28e18?platform=QnA)
I tried the procedures on the day many times and it does not work.
But I left the computer and exercise for 2 days without signing in and executing the exercise, then I tried it again after 2 days. It is working now.
But another thing is about the Conceige Subscriptions, they are still remained in the Portal.Azure.com even the sandboxes were expired before.
Any suggestions about that?
Hi js231,
It sounds like you're encountering an issue where Concierge Subscriptions are still visible in the Azure portal even after the associated sandboxes have expired. This can happen for a few reasons, and there are steps you can take to resolve it.
Why This Happens
Steps to Resolve
1. Clear Cache and Refresh
2. Check Subscription State
3. Remove Subscriptions Manually
If the subscriptions are still visible and you have the necessary permissions, you can try to remove them manually:
az account list --output table
This command lists all subscriptions associated with your account. Look for the subscription ID of the Concierge Subscription you want to remove.
az account clear --subscription <subscription-id>
Replace <subscription-id> with the actual ID of the subscription.
4. Contact Support
If the above steps do not resolve the issue, contacting Azure support would be the next best step. They can help ensure that the expired sandboxes and associated subscriptions are cleaned up properly.
Preventing Future Issues
By following these steps, you should be able to remove the expired Concierge Subscriptions from your Azure portal and prevent similar issues in the future.
Additionally reference link:
If you find this information helpful, please acknowledge by clicking the "Upvote" and "Accept Answer" button so that it is useful for other members in the Microsoft Q&A community.