Adding groups to Administrative Units
I navigated to Entra https://entra.microsoft.com/ under Identity > Roles and admins > Admin Units and created an Administrative Unit with Restricted Management enabled. This was done while I was elevated to Global Admin. After creating the…
Custom Role definition to give the user the right of creating ONLY SAS tokens used for reading data from storage account
Hello! My team wants to create a custom Role for accessing data from the storage account. For now the user has only Reader role assigned to it. What we want to achieve is giving the recipient of this role the right to read blob data and to view the…
Unable to access Azure SQL db ressource from automation account
I am Unable to access Azure SQL db ressource from automation account runbook. I've added user access to the automation account and to the SQL server. I couldn't find a way to add the identity to the SQL database too. After all that I still getting the…
![](https://techprofile.blob.core.windows.net/images/7dd62906ebb64619a24fef594240e81c.png)
How to access the Carbon Optimization Service as an admin?
Hello, With our admin account, it not possible to access the Carbon Optimization Service. But for the subscription selected, the account really has a role of Service Administrator, which should grant access to all the resources, right? It also doesnt…
create subscriptions
Hi All i have an Azure Tenant, i want to provide access to one of my user to create subscriptions. What level of access is required. Do the access needs to be provided at the management group level. Experts guide me.
Scoping Custom Role With microsoft.directory/auditLogs/allProperties/read Role Permission
Hi Community, Can you have a custom role with the microsoft.directory/auditLogs/allProperties/read role permission and use Admin Units to scope to devices only? Is this a scope'able permission? Kind Regards, Jamie
![](https://techprofile.blob.core.windows.net/images/h8y9Xcd7x0e8KDiXXSGMFQ.png?8D84A0)
Azure Ligthouse User Access Admin group not working
In Azure AD I am assigned to an Azure Lighthouse group that is supposed to give me the 'User Access Administrator' role to all subscriptions from another tenant that is enrolled in Lighthouse. When I view my access on the subscriptions, I can see that my…
access to azure storage from React App
Hello, We are running a REACT app on an APP service. The APP has a BACK END in TS and a front end in REACT. In our application our customers can create posts with images. These images must be saved in a blob container. I cannot find the best solution to…
Azure "Add role Assignment' is disabled. I have tried with both Owner and User Admin Access role.
Hello, I have both Owner and User Access Admin permission. But when I want to "add a role assignment for an Application" I noticed that my account for adding roles has been disable, see image How do I enable this option. Regards.
Get-AzureADDirectoryRole and "Global Administrator" vs. "Company Administrator"
The documentation suggests "In the Microsoft Graph API and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal." This used to be the behaviour. However,…
![](https://techprofile.blob.core.windows.net/images/sA8LhgAAAwAAAAAAAAAAAA.png?8D83DF)
Limiting pipeline access in Azure DevOps
I am working on an Azure DevOps project and would like to add a new user to the project. However, I would like to restrict the user's access to code source or my repo while still allowing them to add and edit my pipeline and YAML files. Is there a way to…
Cannot change Entra ID's from another tenant as Classic Admins to RBAC roles in another tenant
Entra Id's from tenant 1 that are Classic Administrators in tenant 2 can't be switched over to RBAC roles. No rights assigned when we try.
Unusual Activity on admin account
Hello, I have an issue that my main administrative account on my Azure Portal has been limited due to unusual activity. I dont know what to do to get it unblocked but when I do check permissions on my resource group it just says unusual activity. Please…
How to delete/destroy an Azure account
Hello, I can't access to my Azure account, it was link to my previous company and their AD, and when i'm logging i have an issue : Message: AADSTS500213: The resource tenant's cross-tenant access policy does not allow this user to access this tenant. Is…
Cannot create a support ticket
I am the owner of a blob storage account. I keep getting billed for things that I completely do not understand and the support pages on Azure suck. When I try to create a support ticket, I keep getting bumped to support pages that do not answer my…
How to Create a Incident managment and change management in Azure devops
Hi Team, I am looking to create an incident management and Change control process, can you please share some input. Regards, Krishna. This question is related to the following Learning Module
What is the cause of the following error - "getting assigned identities for pod <namespace>/<pod_name> in CREATED state failed after 20 attempts, retry duration [5]s" , while connecting to IMDS endpoint from a pod in AKS.
I am trying to connect to Azure Key vault via user assigned managed identity from a pod of AKS. I have provided the necessary RBAC role to the identity. I have created Azure Identity and Azure Identity Binding. I have updated my deployment with…
Lighthouse
Hello All, I gave Contributor role (on a subscription) to users via Lighthouse to manage a customer. The users get access with no problem to the customer subscription, can start and stop VM, create a resource group, start and stop backup, etc. The…
Global reader unable to view any environment in admin.powerplatform.microsoft.com
We have PIM enabled and a user is enabled with Global reader access. User is able to access all other admin centers like exchange and can view the configuration but no configuration like environments, capacity is visible in powerplatform admin center. Is…
What Azure role assignments would i need to allow a dba permissions to manage Azure SQL resources including storage accounts?
I am looking at assigning role assignments to a DBA to manage Azure SQL resources from the Azure Portal including managing a specific storage account. Currently, the permissions are set as follows: Contributor Reader SQL Security Manager …