Az CLI command for Role Assignment create for a AD group which should valid for 4hours
Hi Ref:https://learn.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#code-try-5 i have privileged access PIM to create the role assignment using the below command sh 'az role assignment create --assignee-object-id <obj_id>…
AADSTS50011 Error when referencing Azure Active Directory Powershell
I'm attempting to set up a controlled-access computer such that users can only access the machine if they are in a corresponding Security Group. The code I've been advised to run for this setup is below. When I run it, I get an AADSTS50011 error when I…
Is it safe to add the global "Microsoft Azure App Service" to Key Vault Role Assignments
Unfortunately, it seems that KeyVault Certificates are currently still in an unstable state where RBAC is not properly implemented. Further details of the specifics and a solution to the problem can be seen here…
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Impossible operate on my Azure Free account
Hi all, after deleted erroneously some role from my user, I'm no longer able to operate with my subscription/account. I deleted some role from my user and now it seems be blocked. I'm not able to add permission/role again. It's a deadlock. I'm trying to…
I am uanble to upgrade my account because my billing access was changed automatically by Azure
Recently my account was disabled. I would like to find out how to enable it and upgrade it. Its not letting me upgrade.
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
In Microsoft Defender for cloud I’m trying to enter an email but it gives me privilege error and I am Global Admin
Hi Team In Microsoft Defender for cloud I’m trying to enter an additional email addresses but it gives me privilege error and I am Global Admin Regards
Unable to add non-Global Admin account to sign in to a Windows PC
I am helping a small company who signed up for Microsoft 365 to use Office applications. The domain mydomain.com has been created at Microsoft 365 and Exchange is running fine. Users are using their Microsoft 365 accounts to log in to office.com to…
Unable to set 'server parameters' in Postgres SQL Flexible Server on Azure
HI All, I'm trying to set a dynamic parameter, require_secure_transport parameter on Azure Database for PostgreSQL flexible server. I've got contributor rights but getting the following error. The client 'xxx@xxx.xxx' with object id 'xxx' does not have…
Is role inheritance applied to resources in the Resource Group?
Hello, I have a regarding role inheritance that I would like to get your help. Is role inheritance applied to resources in the the resource group? Thanks, Dun
Can the role "Authentication Administrator" configure passwordless authentication?
With the task: "You need to configure passwordless authentication. The solution must follow the principle of least privilege." Which role should be assigned to complete the task? I would say Authentication administrator, but the…
No puedo acceder al código de 6 dígitos que se debería mostrar en la aplicación de autentificación
Soy estudiante y hace unos meses para entrar a teams o correos de educa.removed.es me pedía un código de 6 dígitos, me instalé la aplicación de autentificación y todo estaba bien pero me cambié de móvil y no hice copia de seguridad por lo tanto no se…
Guest users granted contributor role do not receive automatically e-mail invitation
I am trying to understand if this a problem for other people or I am doing a mistake somewhere. When I was allocating contributor role from Azure Subscriptions - Access Control menu to guest users, it says clearly in the activity logs that the guest user…
I have a new connection is working as expected for the SSO but the Single logoff is causing it to loop back to sign on.
I have a new connection is working as expected for the SSO but the Single logoff is causing it to loop back to sign on. Any suggestions on how to stop that action.
What roles does my user need to have assigned in order to be able to create custom roles (RBAC)?
Hi everyone, I'm trying to create a custom role for users to be able to start/restart/stop the VMs they have access to, following this article. However, when I try to create a custom role from Azure CLI, I'm getting the following error: The client xxx…
Level 2 AD Group & SQL server Microsoft Entra admin group & usage of IS_MEMBER for Row Level Security
Currently we are running into an issue developing Row Level Security since the IS_MEMBER does not work for the Microsoft Entra Admin group setup for that SQL server.…
Received error - "AADSTS399266: Blob grant token received with wrong issuer type."
I am trying to use the code from this microsoft learn page - https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-ciam-javascript-tutorial/ms-identity-ciam-javascript-tutorial-0-call-api-vanillajs/ and configure the Ids. When trying to…
How can you access Azure resources using user-assigned managed identities within Azure Databricks?
We're trying to move to using managed identities where we can. Is it possible to use user-assigned managed identities to access resources such as sql server databases, application insights, log analytics etc. through Azure Databricks? We thought added…
Could you explain how to configure the following virtual machine settings?
To address the tasks you've outlined, here's a structured approach: For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs. To create a…