Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
809 questions
1 answer
Az CLI command for Role Assignment create for a AD group which should valid for 4hours
Hi Ref:https://learn.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest#code-try-5 i have privileged access PIM to create the role assignment using the below command sh 'az role assignment create --assignee-object-id <obj_id>…
asked 2024-10-07T16:45:35.25+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 78%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Battu, Srikanth
0
Reputation points
commented 2024-10-10T11:27:25.1666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya
10,955
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
AADSTS50011 Error when referencing Azure Active Directory Powershell
I'm attempting to set up a controlled-access computer such that users can only access the machine if they are in a corresponding Security Group. The code I've been advised to run for this setup is below. When I run it, I get an AADSTS50011 error when I…
asked 2024-10-03T21:07:10.5166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 73%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDS%3C/text%3E%3C/svg%3E)
Daniel Seitz (DXC Technology Services LLC)
20
Reputation points Microsoft Vendor
accepted 2024-10-09T16:35:00.19+00:00
Daniel Seitz (DXC Technology Services LLC)
20
Reputation points Microsoft Vendor
1 answer
Is it safe to add the global "Microsoft Azure App Service" to Key Vault Role Assignments
Unfortunately, it seems that KeyVault Certificates are currently still in an unstable state where RBAC is not properly implemented. Further details of the specifics and a solution to the problem can be seen here…
asked 2024-09-25T12:45:50.4366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 6%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERD%3C/text%3E%3C/svg%3E)
Robbie Dyer
0
Reputation points
commented 2024-10-09T15:00:58.5033333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Akhilesh
9,845
Reputation points Microsoft Vendor
2 answers
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
asked 2023-10-19T05:18:01.9833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 37%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHG%3C/text%3E%3C/svg%3E)
himani ghildiyal
10
Reputation points
commented 2024-10-08T08:52:37.5133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 83%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
steeve thomar
1
Reputation point
1 answer
Impossible operate on my Azure Free account
Hi all, after deleted erroneously some role from my user, I'm no longer able to operate with my subscription/account. I deleted some role from my user and now it seems be blocked. I'm not able to add permission/role again. It's a deadlock. I'm trying to…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 36%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
2 answers
I am uanble to upgrade my account because my billing access was changed automatically by Azure
Recently my account was disabled. I would like to find out how to enable it and upgrade it. Its not letting me upgrade.
asked 2021-02-15T16:56:56.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 99%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EO%3C/text%3E%3C/svg%3E)
odsbyz
6
Reputation points
answered 2024-10-07T22:08:27.7633333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 54%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
David Osaretin Urhoghide
0
Reputation points
3 answers
One of the answers was accepted by the question author.
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
asked 2021-10-08T06:19:49.1+00:00
Martin Cangar
31
Reputation points
commented 2024-10-07T20:20:03.8566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 46%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDU%3C/text%3E%3C/svg%3E)
Dhruvil Upadhyay
0
Reputation points
1 answer
One of the answers was accepted by the question author.
In Microsoft Defender for cloud I’m trying to enter an email but it gives me privilege error and I am Global Admin
Hi Team In Microsoft Defender for cloud I’m trying to enter an additional email addresses but it gives me privilege error and I am Global Admin Regards
asked 2024-10-04T07:56:59.46+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 31%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Sánchez, Alberto
40
Reputation points
accepted 2024-10-04T11:05:25.8133333+00:00
Sánchez, Alberto
40
Reputation points
1 answer
Unable to add non-Global Admin account to sign in to a Windows PC
I am helping a small company who signed up for Microsoft 365 to use Office applications. The domain mydomain.com has been created at Microsoft 365 and Exchange is running fine. Users are using their Microsoft 365 accounts to log in to office.com to…
asked 2024-09-27T07:54:38.1566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(310.4, 57.99999999999999%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
K. Kong
126
Reputation points
commented 2024-10-04T07:38:13.52+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 79%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Clément BETACORNE
2,266
Reputation points
3 answers
One of the answers was accepted by the question author.
Unable to set 'server parameters' in Postgres SQL Flexible Server on Azure
HI All, I'm trying to set a dynamic parameter, require_secure_transport parameter on Azure Database for PostgreSQL flexible server. I've got contributor rights but getting the following error. The client 'xxx@xxx.xxx' with object id 'xxx' does not have…
asked 2024-09-24T02:18:19.9+00:00
Danny Chuah
40
Reputation points
accepted 2024-10-03T11:39:11.2833333+00:00
Danny Chuah
40
Reputation points
1 answer
Is role inheritance applied to resources in the Resource Group?
Hello, I have a regarding role inheritance that I would like to get your help. Is role inheritance applied to resources in the the resource group? Thanks, Dun
asked 2024-10-01T17:34:31.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 48%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETM%3C/text%3E%3C/svg%3E)
Tran, Minh
20
Reputation points
answered 2024-10-01T18:04:25.0333333+00:00
TP
95,221
Reputation points
1 answer
One of the answers was accepted by the question author.
Can the role "Authentication Administrator" configure passwordless authentication?
With the task: "You need to configure passwordless authentication. The solution must follow the principle of least privilege." Which role should be assigned to complete the task? I would say Authentication administrator, but the…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 72%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELV%3C/text%3E%3C/svg%3E)
2 answers
No puedo acceder al código de 6 dígitos que se debería mostrar en la aplicación de autentificación
Soy estudiante y hace unos meses para entrar a teams o correos de educa.removed.es me pedía un código de 6 dígitos, me instalé la aplicación de autentificación y todo estaba bien pero me cambié de móvil y no hice copia de seguridad por lo tanto no se…
asked 2024-09-29T10:35:46.1366667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(240, 28.999999999999996%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJP%3C/text%3E%3C/svg%3E)
Juanjo Prado Esteban
0
Reputation points
answered 2024-10-01T05:03:24.1466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
19,111
Reputation points Microsoft Employee
1 answer
Guest users granted contributor role do not receive automatically e-mail invitation
I am trying to understand if this a problem for other people or I am doing a mistake somewhere. When I was allocating contributor role from Azure Subscriptions - Access Control menu to guest users, it says clearly in the activity logs that the guest user…
asked 2024-09-18T09:07:57.6933333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 83%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED%3C/text%3E%3C/svg%3E)
devschool_mihaib
0
Reputation points
commented 2024-09-30T21:44:18.2233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(105.60000000000001, 1%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
Patchfox
3,921
Reputation points
0 answers
I have a new connection is working as expected for the SSO but the Single logoff is causing it to loop back to sign on.
I have a new connection is working as expected for the SSO but the Single logoff is causing it to loop back to sign on. Any suggestions on how to stop that action.
asked 2024-09-17T17:22:45.9466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 94%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Thomas, Nathan Bernard [External]
0
Reputation points
commented 2024-09-30T21:00:50.2766667+00:00
Thomas, Nathan Bernard [External]
0
Reputation points
1 answer
One of the answers was accepted by the question author.
What roles does my user need to have assigned in order to be able to create custom roles (RBAC)?
Hi everyone, I'm trying to create a custom role for users to be able to start/restart/stop the VMs they have access to, following this article. However, when I try to create a custom role from Azure CLI, I'm getting the following error: The client xxx…
asked 2024-09-25T14:15:03.09+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 74%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENR%3C/text%3E%3C/svg%3E)
Nicolas Raddatz
20
Reputation points
commented 2024-09-30T18:11:38.4766667+00:00
Nicolas Raddatz
20
Reputation points
1 answer
Level 2 AD Group & SQL server Microsoft Entra admin group & usage of IS_MEMBER for Row Level Security
Currently we are running into an issue developing Row Level Security since the IS_MEMBER does not work for the Microsoft Entra Admin group setup for that SQL server.…
asked 2024-09-06T05:57:57.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 45%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Sandeep Kumar
0
Reputation points
commented 2024-09-27T18:41:43.16+00:00
James Hamil
24,666
Reputation points Microsoft Employee
1 answer
Received error - "AADSTS399266: Blob grant token received with wrong issuer type."
I am trying to use the code from this microsoft learn page - https://learn.microsoft.com/en-us/samples/azure-samples/ms-identity-ciam-javascript-tutorial/ms-identity-ciam-javascript-tutorial-0-call-api-vanillajs/ and configure the Ids. When trying to…
asked 2024-09-05T20:42:40.4133333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 39%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENB%3C/text%3E%3C/svg%3E)
Narisetti, Bernard
0
Reputation points
commented 2024-09-27T18:41:30.44+00:00
James Hamil
24,666
Reputation points Microsoft Employee
1 answer
How can you access Azure resources using user-assigned managed identities within Azure Databricks?
We're trying to move to using managed identities where we can. Is it possible to use user-assigned managed identities to access resources such as sql server databases, application insights, log analytics etc. through Azure Databricks? We thought added…
asked 2024-09-24T00:51:08.3666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(60.8, 15%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAM%3C/text%3E%3C/svg%3E)
Aatish Master
0
Reputation points
answered 2024-09-27T04:00:52.4633333+00:00
PRADEEPCHEEKATLA-MSFT
89,646
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Could you explain how to configure the following virtual machine settings?
To address the tasks you've outlined, here's a structured approach: For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs. To create a…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 66%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)