Azure B2C approles and permissions
Hi, is there a way where I can define application roles AND also what each role can actually perform? I see we can define approles in the manifest, but what about role permissions? So that in my application I can like enable/disable UI element…
Azure – Access Control (IAM): Invisible custom roles
In Azure, I was playing with custom roles, I created some then I deleted them. I saw them in the listing at Subscriptions>#######>Access Control (IAM)>Roles where I used the type filter to make it show only the custom roles. They were…
What RBAC role is needed to access the Networking blade in Azure Kubernetes Service?
I'm trying to allow a user access to the Networking blade of an AKS cluster in order to update the API server IP allowlist. As a manner of debugging, I've given this user the Owner role across the containing resource group and the cluster, but the user…
Correct flow of authentication in Flask API and Angular frontend
Hello, I have an Angular SPA as a frontend of an API written with Flask. I want to protect my API with login with Microsoft accounts of my organization. What is the best way to do that? I tried to authenticate in Angular and then send the…
Devops Access in Azure AD
One of the developers reached out sending me the first error. I assigned him "App Developer" role but it generates a new error now, any advice will be helpful.
Is there a way to prevent external invited users from being in IAM roles on a subscription?
Looking to see if it's possible to prevent/block guest accounts from IAM roles on a subscription.
Cannot access App Service Logs blade as Owner
I'm assigned as Owner to a resource group. No deny assignments are defined. When opening Logs blade of an App Service in that resource group I get an error You do not have authorization to access this resource.…
Send Event to Event Grid Topic from ADF Web activity using Managed Identity
Hello! I wish to send an event from ADF "Web" Activity to event grid topic. I managed to do it with sending "aeg-sas-key" from web activity as documented here. However, when I tried to achieve the same through ADF Web activity…
Enterprise access model, tier level classification of administrators
I am currently setting up the Enterprise Access Model recommended by Microsoft. In the documentation of Privileged Access Groups, I am wondering what is meant by "Tier 3 Office Admins". Does the tier refer to the administration level or to the…
What are the minimum permissions required to create a budget?
I'm trying to create a minimal CustomRole for running terraform on my hobby project. One of the first things I'm trying to automate is the creation of a Budget so that I can be sure I get alerted before spending too much money. The terraform provider…
Microsoft Azure Cloud service management API fails with 401: Unauthorized error?
We are integrating the Role Assignments - List API from Microsoft Azure Cloud Management APIs, Link to documentation: https://video2.skills-academy.com/en-us/rest/api/authorization/roleassignments/list#errordetail We have done all of the configs mentioned:…
Global reader unable to view any environment in admin.powerplatform.microsoft.com
We have PIM enabled and a user is enabled with Global reader access. User is able to access all other admin centers like exchange and can view the configuration but no configuration like environments, capacity is visible in powerplatform admin center. Is…
Group multiple managed identities into one group for role-assignment
Hi, I have a use case that I would like to check if it's possible to implement on our environment: We are using a lot of logic apps (playbooks) which needs an access to a specific storage account in the same resource group. I want to implement a…
We are looking to create a global read custom role at Root management group level
We are looking to create a global read custom role at Root management group level, we have elevated the access in one account but I cannot see the option on the portal to create a custom role at this level. Can you please let me know if this is…
How to apply azure policies as per AKS RBAC managed by Active Directory?
Team, we have 3 levels of AD roles in Azure Kubernetes. Admin --> created while making the cluster. SRE --> Have almost 85 to 90% control on AKS. DEV user --> Have less control and only able to work in their specific namespace. Now…
How to Manage Role Assignment and API Permissions?
I have an application that will consume my API service and I encountered issues regarding the approval. My request to consume the API service did not reflect to the approval page. The assessment is, the API service has given lots of permissions and roles…
Roles to be requested for a security assessment
I'm trying to figure out the exact privileges to ask for when a customer needs to create an account on their Azure AD tenant during a security audit. I have identified the roles: "Security Reader" which allows access to the CSA; …
In Azure, could the user administrator have permissions to manage MFA?
For example: Could user administrator add security questions to the reset process?
Customer wants to ensure security of their Tenant-data and they want to ensure they have only access.
Azure Plan (Tenant) --Subscription 1 Provider (CSP) and customer both have access --Subscription 2 Provider (CSP) and customer both have access --Resources Group Only Customer has access Customer wants to ensure security of their data and they want to…
Control who logs into VMs via Azure AD Domain Services
Looking at setting up Azure AD Domain Services for several VMs in Azure (including 2 SQL Servers in a cluster for Availability Groups). If we do that how can we control which people from the AAD can log into the machines - is that just done by making an…