This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(300.8, 85%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Hi
The Azure Portal fails with the following error message when accessing resources and resource groups for a subscription delegated with Azure Lighthouse:
An error occured when trying to fetch resources. Additional details from the underlying API that might be helpful: Please provide below info when asking for support: timestamp = 2020-08-05T08:26:44.2201451Z, correlationId = 3bb84301-a2dc-433e-b123-bd8d8601095c. (Code: AccessDenied) Access is denied to the requested resource. The user might not have enough permission. (Code: AccessDenied) You can try accessing your resources using Resource Explorer.
Subscription ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
Subscription tenant: M365x447456.onmicrosoft.com
UPN of user that tries to access: demo.requestor@m365x344290.onmicrosoft.com
Tenant ID of user that tries to access: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
ARM template deployed: https://raw.githubusercontent.com/Azure/Azure-Lighthouse-samples/master/templates/delegated-resource-management/delegatedResourceManagement.json
Parameters:
{
"contentVersion": "1.0.0.0",
"$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentParameters.json#",
"parameters": {
"mspOfferDescription": {
"value": "Provides delegated access to subscription"
},
"authorizations": {
"value": [
{
"roleDefinitionId": "b24988ac-6180-42a0-ab88-20f7382dd24c",
"principalId": "7644ff2a-1af8-4879-8081-95e311015090"
},
{
"roleDefinitionId": "acdd72a7-3385-48ef-bd42-f606fba81ae7",
"principalId": "3730b044-78a1-4d9c-90ef-b665d813fa93"
}
]
},
"mspOfferName": {
"value": "Lighthouse Delegation"
},
"managedByTenantId": {
"value": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}
}
}
What is very interesting is that the same user can use Azure CLI, and it works fine. "az group list" and "az storage account list" works just fine, so it is definitely a bug in the portal or something.
Marius
It seems this was only an issue for either demos.microsoft.com tenants or trial subscriptions. Worked for another tenant with a permanent sub.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 39%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
@Marius Solbakken Mellum AFAIK, Azure Lighthouse supports all subscriptions except classic subscriptions. I have tried to reproduce by onboarding trial subscription to Azure Lighthouse and I was able to do it successfully.
In order to further assist you with your issue, please send mail to AzCommunity@microsoft.com include your Azure subscription ID and a link to this thread (for context) and we can continue the conversation. Once we have a resolution, we will post the update to this thread so others in the community can benefit.
@Marius Solbakken Mellum Just following up to check if you need further assistance on this issue.