question

JusiahKatumba-8804 asked · SadiqhAhmed-MSFT commented

Unauthorised subscription access using API

Happened to see an unauthorized access to my pay-as-you-go subscription.
They scheduled Microsoft.CostManagement/scheduledActions/dailyanomalybyresourcegroup.

Should I be worried about any malicious damage, and how can I block them from accessing my subscription?

azure-cost-management

1 Answer

SadiqhAhmed-MSFT answered

@JusiahKatumba-8804 Thank you for contacting us, and I apologize for the delayed response!

You mentioned that you noticed an unauthorized access on your Pay-As-You-Go subscription and wanted to know if the access can be blocked.

This action "Microsoft.CostManagement/scheduledActions/dailyanomalybyresourcegroup" can only be performed by a user who has appropriate access to the subscription. For example: the user must be an Owner or Contributor.
Doc references: Scheduled Actions - Create Or Update and Scheduled Actions - Delete

You might want to check what your access level is at the subscription as well as at directory level. Also check who else has "Owner" or "Contributor" access to the subscription.
Refer to - https://techcommunity.microsoft.com/t5/itops-talk-blog/what-s-the-difference-between-azure-roles-and-azure-ad-roles/ba-p/2363647

Update (in reply to the follow-up comment below):
"I was thinking perhaps I deploy a blueprint for billing and Global Administrator. My only worry is, won't it lock my colleagues out too? A read-only policy."
- If you completely block all users then yes, it does. You can use RBAC - https://docs.microsoft.com/en-us/azure/role-based-access-control/overview - to define the required roles for each user to avoid unauthorized access to resources.

Hope this helps!


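The answer above says to check who holds Owner or Contributor on the subscription and which identity performed the scheduled-action operation. The script below is an added example for doing that triage offline; it is not code from the question, the answer, or Microsoft. It assumes the JSON shapes emitted by `az role assignment list --all --include-inherited -o json` and `az monitor activity-log list -o json`, but every record, subscription ID, principal name and caller value in it is constructed sample data. It also separates assignments made directly on the subscription from ones inherited from a management group or the tenant root, because (standard Azure RBAC behaviour) an inherited assignment cannot be removed from the subscription's own IAM blade, and a new subscription placed under the same management group inherits it as well.

```python
"""Triage helpers for an unexpected Microsoft.CostManagement/scheduledActions
operation on an Azure subscription.

Record shapes follow what the Azure CLI emits for
  az role assignment list --all --include-inherited --subscription <id> -o json
  az monitor activity-log list --subscription <id> --offset 30d -o json
Every record below is constructed sample data, not output from a real tenant.
"""
import re

SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000001"  # placeholder

# Roles the answer names as sufficient to create scheduled actions. A custom
# role granting Microsoft.CostManagement/scheduledActions/* would also qualify,
# so review custom role definitions separately.
PRIVILEGED_ROLES = {"Owner", "Contributor"}

SCHEDULED_ACTION_OP = re.compile(
    r"^Microsoft\.CostManagement/scheduledActions/(write|delete)$", re.IGNORECASE)


def scope_level(scope, subscription_id):
    """Classify an RBAC assignment scope relative to one subscription."""
    s = (scope or "").rstrip("/")
    if s == "":
        return "tenant-root"
    if s.lower().startswith("/providers/microsoft.management/managementgroups/"):
        return "management-group"
    sub = f"/subscriptions/{subscription_id}".lower()
    if s.lower() == sub:
        return "subscription"
    if s.lower().startswith(sub + "/"):
        return "below-subscription"
    return "other"  # an assignment on some unrelated subscription


def privileged_principals(assignments, subscription_id):
    """Every Owner/Contributor assignment that reaches this subscription.

    'inherited' is True when the assignment lives above the subscription, so it
    must be removed at management-group or tenant-root scope, not on the
    subscription itself.
    """
    found = []
    for a in assignments:
        role = a.get("roleDefinitionName")
        level = scope_level(a.get("scope"), subscription_id)
        if role not in PRIVILEGED_ROLES or level == "other":
            continue
        found.append({
            "principal": a.get("principalName"), "type": a.get("principalType"),
            "role": role, "scope": a.get("scope"), "level": level,
            "inherited": level in ("tenant-root", "management-group"),
        })
    return found


def scheduled_action_events(events):
    """Scheduled-action create/update/delete events from the activity log."""
    hits = []
    for e in events:
        op = (e.get("operationName") or {}).get("value", "")
        if not SCHEDULED_ACTION_OP.match(op):
            continue
        hits.append({"time": e.get("eventTimestamp"), "caller": e.get("caller"),
                     "operation": op, "status": (e.get("status") or {}).get("value"),
                     "resourceId": e.get("resourceId")})
    return hits


def unexpected_callers(events, expected_callers):
    """Callers who touched scheduled actions but are not on the expected list."""
    expected = {c.lower() for c in expected_callers}
    return sorted({h["caller"] for h in scheduled_action_events(events)
                   if h["caller"] and h["caller"].lower() not in expected})


# Constructed sample data (placeholder names and IDs, not a real tenant).
SUB = f"/subscriptions/{SUBSCRIPTION_ID}"
SAMPLE_ASSIGNMENTS = [
    {"principalName": "me@contoso.com", "principalType": "User",
     "roleDefinitionName": "Owner", "scope": SUB},
    {"principalName": "colleague@contoso.com", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalName": "automation-sp", "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
    {"principalName": "dev@contoso.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB + "/resourceGroups/rg-app"},
    {"principalName": "ops@contoso.com", "principalType": "User",
     "roleDefinitionName": "Owner",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
]
SP_APP_ID = "a1b2c3d4-0000-0000-0000-0000000000aa"  # placeholder app ID
SAMPLE_EVENTS = [
    {"eventTimestamp": "2022-10-03T06:12:41Z", "caller": SP_APP_ID,
     "operationName": {"value": "Microsoft.CostManagement/scheduledActions/write"},
     "status": {"value": "Succeeded"},
     "resourceId": SUB + "/providers/Microsoft.CostManagement/scheduledActions/dailyanomalybyresourcegroup"},
    {"eventTimestamp": "2022-10-03T08:00:05Z", "caller": "me@contoso.com",
     "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"},
     "status": {"value": "Succeeded"}, "resourceId": SUB + "/resourceGroups/rg-app"},
    {"eventTimestamp": "2022-10-04T09:30:00Z", "caller": "me@contoso.com",
     "operationName": {"value": "Microsoft.CostManagement/scheduledActions/delete"},
     "status": {"value": "Succeeded"},
     "resourceId": SUB + "/providers/Microsoft.CostManagement/scheduledActions/dailyanomalybyresourcegroup"},
]

if __name__ == "__main__":
    for p in privileged_principals(SAMPLE_ASSIGNMENTS, SUBSCRIPTION_ID):
        print(f"{p['role']:<12}{p['principal']:<24}{p['level']:<20}inherited={p['inherited']}")
    for h in scheduled_action_events(SAMPLE_EVENTS):
        print(f"{h['time']}  {h['caller']:<40}{h['operation']}  {h['status']}")
    print("unexpected callers:", unexpected_callers(SAMPLE_EVENTS, ["me@contoso.com"]))
```

With real data, replace the two sample lists with the parsed JSON from the two `az` commands in the docstring. The caller of the `scheduledActions/write` event is the identity to revoke; if it appears as a service principal or user whose assignment is marked `inherited=True`, the removal has to happen at the management-group or tenant-root scope where the assignment was made.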



Hello, when I move my virtual box intact to a new subscription, is there a possibility of the unauthorized user accessing it again in the new subscription via inheritance? And how can I migrate without downtime, if possible? Thanks
