Intune - Limit role to add/remove devices to groups
Hi everyone, I am trying to figure out how to limit the permissions in Intune just to add and remove devices to groups. Any groups would be fine, a specific subset of groups would be better. For the moment I tried: Azure roles: Cloud Device…
Does Azure custom role needs additional assignment other than defining assignable scopes.?
Need to understand the behaviour of azure custom role when a subscription is defined in assignable scopes and not assigned to any users or groups
![](https://techprofile.blob.core.windows.net/images/1zoyXoN1WU-cK0HiaCBihQ.png?8D97A0)
![](https://techprofile.blob.core.windows.net/images/kEaBzx2NUUuiIiWIzwa6Qw.png?8D9F54)
Create Custom RBAC Role to manage PostgreSQL DB
Hello all, I am looking to see if anyone can assist with implementing custom role based access control. My understanding is the Custom RBAC can only be created using portal, Powershell, CLI and REST API. Maybe I am getting it all wrong together. …
![](https://techprofile.blob.core.windows.net/images/8e7482a06e664b24a43dfb238c317fe1.png)
No Permission to copy keys when using RBAC to replicate between sites
Hi! I am trying to copy keys from one vault to an other to be able to decrypt disks in case we need to use site recover. I am using the following method …
How to configure .NPMRC file with out auth token and email in azure pipeline to install private npm packages
please hep me to configure .NPMRC file with out auth token and email in azure pipeline to install private npm packages. in npmrc i have registry and always auth=true. While we are running locally with token and email its working. but in azure how…
![](https://techprofile.blob.core.windows.net/images/Lk9Z6O_Zg0W6xBUdS3lUsg.png?8D8286)
Do multi-tenant applications gives ability to manage resources of users' accounts(tenants) individually by their own?
I want to create an application using java sdk that can create storage accounts on azure cloud. So currently I'm using tenant_id, client_id, client_secret and subscription_id for get the access to the user tenant. My current approach is to do this by…
How can I remove duplicates assignment roles in subscriptions?
How can I remove duplicates assignment roles in subscriptions? I have a few scopes - inherited (subscription) and this resource. How can better do remove duplicate with scope "this resource" or scope inherited? How can I recognize these…
![](https://techprofile.blob.core.windows.net/images/PT7QlfEdr0qdUKsDf1u5tw.png?8D801B)
How to get group/role claim in ID token from Azure B2C?
I followed these steps to get a custom claim in ID token with name 'extension_6de6a54XXXXX4560b9d65731ce869be4_Role'. But, my expected output is 'groups' claim or 'role' claim information. I tried customMappingPolicies to map this ID token claim…
While designing for the migration solution form AWS. What is the cost benefits MS provide
While designing for the migration solution form AWS. What is the cost benefits MS provide
![](https://techprofile.blob.core.windows.net/images/948Lgv5_BwAAAAAAAAAAAA.png?8D9306)
![](https://techprofile.blob.core.windows.net/images/948Lgv5_BwAAAAAAAAAAAA.png?8D9306)
Create a CosmosDB Role Assignment using an ARM Template
I am trying to create a Cosmos DB Role Assignment using an ARM Template. ALl examples I found are creating the role assignments as a child resource of the cosmos account inside the arm template. Nevertheless, I thought it must be possible to have the…
Able to list collections but not query a collection with Cosmos DB REST API
As a follow-up from this (thank you @Anonymous ), I'm able to get a list of collections, but following these instructions I'm not able to query against a particular collection: var url = …
Can Azure resources in subscription access one another, by default?
I am from AWS background and recently started working on Azure. In AWS, you need to assign IAM role to a resource to allow it to access another resource. Do we have something similar in Azure also? Or, can all Azure resources in a subscription access one…
![](https://techprofile.blob.core.windows.net/images/PT7QlfEdr0qdUKsDf1u5tw.png?8D801B)
Microsoft Graph API permissions not works, but yes Azure Active Directory Graph
Hi, We have configured an app registration in our Azure AD, and we tried added some API permissions to know what we need to execute: az ad app update --id xxx --add replyUrls "https://example.com/testing/" We realized that the right…
![](https://techprofile.blob.core.windows.net/images/kEaBzx2NUUuiIiWIzwa6Qw.png?8D9F54)
RBAC on Office 365
Hi! Is there a way to create a RBAC to allow a group of users to manage only one specific license on Office 365 portal? I know that there is the License Admin role, but it allows a group of users to manage any license. I needed to narrow that power…
![](https://techprofile.blob.core.windows.net/images/wZvOoP2_BgAAAAAAAAAAAA.png?8D951D)
![](https://techprofile.blob.core.windows.net/images/wZvOoP2_BgAAAAAAAAAAAA.png?8D951D)
Azure Function to download blobs with OAuth token
I have a huge set of PDFs that are stored on a blob container (let's call it demo_container) , within each pdf file there are links to other pdfs (links are redirecting to the blob also). i'm looking for a way to make sure that links will work only if…
How to add a new user to azure directory with "Owner" role at root (/) scope
How can we add Owner role for a user with root level scope ? When trying with command - az role assignment create --role 'Owner' --scope '/' --assignee-object-id <user-object-id> , following error is seen - The request did not have a…
how to set access permissions for azure blob storage container at folder (prefix) level
How do I set access permissions for entire folder (theoretically prefix) in storage container? Example; I have 2 folders (containing many subfolders/objects) in single container(let's call them folder 'A' and 'B') and 4 members in project team. All 4…
Can client id and client seceret can be same for all subscriptions under tenant ?
Our organisation have one tenant and multiple subscriptions under it . so can we have same application id for all subscriptions under tenant?
Custom RBAC
Can we create a custom RBAC role that has permissions to a specific resource group name in all subscriptions under the same management group but not to anything else within the subscription
is there a way to restrict access to set of users to open my single page application?
I have an static app and I would like to restrict access to my page, I want just a group of users can open my page, how can I do that?