Identity architecture: Conditional access with MFA
How to use Conditional Access with multifactor authentication (MFA) in the free trial version? Which licenses are required for using Conditional Access? Which better I can use a conditional access under the following web address: - www.portel.azure.com …
Issues with API call to get Azure service tags - Service Tag Discovery API
I am trying to execute API calls to get the Azure IP Ranges and Service Tags – Public Cloud (see link https://www.microsoft.com/en-us/download/details.aspx?id=56519). I was able to setup an Azure account and created an app. I created a Python script to…
How to protect sensitive data in Azure?
I would like to load sensitive data in an Azure Data Lake Storage Gen2. I need to make sure that this data can not be read by the global administrator or any other kind of super user. How can this be realized? I think role-based access control is not…
Azure portal access invite is failing for READ ONLY user with error 'Invite Redemption failed'
I have invited a user by adding them in role-based access in the Azure portal with read-only access. This has generated a meeting invite, but while redeeming the meeting invite it is failing with the above error. Please help with what to check.
Difficulty creating a custom role with specific permissions
Hello, I am trying to create a custom role on the Azure portal that includes a number of permissions from the existing Auth Admin role. However, I cannot find certain permissions such as microsoft.directory/users/authenticationMethods/create,…
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Metadata permissions clarity
Hello, Having a few doubts related to Metadata permissions. What are metadata read/write permissions? What is the use of them, and is this permission required for a user who majorly uses only the Azure portal for managing the resources? How to…
Unable to remove constraint for owner role
I added a constraint on the owner role under "Role assignment condition". I am trying to delete that constraint using the following steps, but I'm getting the following error. Can anyone please guide me with a solution? Appreciate…
Azure Policy: check subscription role assignments
Hi everyone, We have different types of users in our Azure AD. Only a certain subset of them are allowed to administer Azure resources. Those all start with "ACO" or "ACA". We now wish to create an Azure Policy that checks whether only…
Lighthouse
Hello All, I gave Contributor role (on a subscription) to users via Lighthouse to manage a customer. The users get access with no problem to the customer subscription, can start and stop VM, create a resource group, start and stop backup, etc. The…
What pre-built role to read the Microsoft Defender for Endpoint and vulnerabilities
What pre-built role (in Intune or Entra ID) can be assigned to read the Microsoft Defender for Endpoint and vulnerabilities? Global Reader and Security Reader can only read Defender for Identity or Defender for Cloud but for some reason can't access to…
Deleting duplicate owner in role assignment leads to loss of access to Azure Subscription
Hello, Not long ago, I tried assigning roles to my coworkers. When all things were done, I saw that there were 4 duplicates of my account in the owner role, so I tried deleting 2 of those roles. After that, the Azure portal won't let me in, with a message saying I'm…
Assistance Required: Issues with ARM Template Deployment for Managed Identity
Hello Azure Community, I am experiencing issues with deploying my resources via an ARM template. Despite having all the 'dependsOn' elements specified, the deployment continues to fail. Below, I have provided the relevant parts of my ARM template and the…
Issue in connecting cognitive service to communication
I am trying to connect azure cognitive service to communication service. Followed the tutorial in mic learn for the process. I have subscribed a phone number in communication service resource, created a webhook link. Any calls made to the number is…
Issue in connecting cognitive service to communication
Facing 403 forbidden error. What could be the issue?
I have a subscription; in the subscription there are so many users with contributor access. I want to give access to see the state file to only one SPN user. How can we do that?
I have an Azure subscription. I have the contributor role for multiple users at the subscription level. I have one storage account; in the storage account there is one state file. It is only visible for one particular SPN user, other than all the contributor…
I want to limit access for some staff to our static IP addresses
We promote not taking work home. We have set up static IP addresses for some of our locations and we want to limit some of our staff to only be able to access MS applications from those locations. I do have a P2 license and I am a global admin.
How would I create a role to be Synapse Admin but block particular pipeline and linked services
We are introducing a new source of data into Synapse which is highly sensitive. However, currently my team have admin on Synapse and the dedicated SQL pool. How can I allow them to keep some of the admin access but not allow them to see the pipelines and linked…
Need Help with Multi-Tenant Azure Access Management
Hi, I'm seeking advice on managing Azure access across multiple external organizations. We manage Azure for Org A and create accounts for Orgs B and C but don't manage their Azure environments. Azure B2B isn’t an option for us. Challenges: Multiple…
User with Website Contributor role is able to add tags
Hi all, I've noticed that the user with the "Website Contributor" role is able to add tags to the app service, even though in the documentation this role is missing Microsoft.Resources/tags/write permissions. How can this behaviour be explained?