Azure Role-based access control

Log Analytic Workspace - Permissions in Enterprise

We are in the process of planning our RBAC for a new Azure environment within an Enterprise scale organisation. I'm trying to determine how we best provide access to logs. Within the non-production environments, it seems that the resource-context…

Administritor Role assignment on Azure Portal can not choose Scope Type for Service Principal

We are currently having problem with Role assignment in our Azure AD logging one of azure administrator account, The "Scope Type" field was grey (have tried Application Administrator, Cloud Application Administrator, Privileged Role…

Azure AD Connect Sync errors detected

Get-AzureADDirectoryRole and "Global Administrator" vs. "Company Administrator"

The documentation suggests "In the Microsoft Graph API and Azure AD PowerShell, this role is identified as "Company Administrator". It is "Global Administrator" in the Azure portal." This used to be the behaviour. However,…

Registered App does not appear in IAM role assignment

Hi, I'm quite new to Azure. I have a registered App. I need to assign a role "Network Contributor" in IAM to the App. However, when I try to add the role to the registered App via IAM, the App does not appear as an option to select. I…

Microsoft Reseller access for licensing

Hello, We attempted to purchase a monthly subscription to project and the Microsoft reseller is asking us to give them global administrator role access to our Azure domain. This doesn't seem right to me. Is there another way this can be done? Thank…

How to run Azure powershell as administrator

Hi, I am using Azure powershell opened from Azure portal, so i dont need to install helm, as it is inbuilt. Now I also want to run commands in this Azure powershell as administrator. I am working in a windows system, so "sudo" is not…

Blob operation Failed (Error Code 2011) with RBAC on Gen2

Copy operation failed (see the screen capture below) when RBAC was used on Gen2 storage account(general purpose V2). We followed Managed identities for Azure resource authentication steps to setup RBAC Data Factory managed Identity was granted…

Contributor of a resource group

If I assign a user as a Contributor of a resource group , so he can create/delete any resources in that resource group ?? does he need any roles at subscription level ?

Convert my Powershell script to JSON

Hi Team, I have a PowerShell script with few "foreach" loops "if statements". Sample script : https://video2.skills-academy.com/en-us/answers/questions/151254/can-we-inherit-the-tags-from-azure-vm-and-then-ass.html I would want…

We need to assign a role groups to all subscriptions automatically if they dont have one.

Hi Team, We have few common groups and roles which are assigned to our subscriptions in the Tenant. We need to validate if these groups are present in all of our subscriptions and if not present, add those groups along with groups permissions as…

Azure Subscription IAM - Custom role - Resource Group only

Hi, I want to create a role which limits the entities available within a subscription. E.g if a subscription has 100 entities, I want to provide a role which has read acess to a subset only ( e.g those with a similar tag or within the same resource…

New-AzRoleAssignment to assign Billing account reader role to billing account

Hi, I'm reading through the docs (https://video2.skills-academy.com/en-us/powershell/module/az.resources/new-azroleassignment?view=azps-5.1.0) and have tried multiple commands but am unsure how to do it correctly, or if it is even possible to assign the…

Azure deny assignments

Hello Team, Need suggestion on Azure Deny Assignments, I have user who has permission (Reader + User Access Administrator) to assign the roles, But I would like to restrict same user to assign himself as a Owner / Contributor and delete some of the…

What permission do I need to add users to the "Owners" section of an Azure AD Enterprise Application?

I'm the Configuration Owner of an Azure AD Enterprise Application that I registered myself (not from the Gallery) I can add users in "Users & Groups" but I can't modify the "Owners" section, the Add button shows greyed out . …

AKS aad rbac enabled user impersonation

Hi, This question is partially related to k8s and azure authentication. The answer might very well be "no" but at least then I'd know to look for a work around. Is the impersonation api exposed on rbac enabled aks services? I'm writing…

RBAC for User Principals in Java

I haven't understood how the authentication and authorization works for User Principals. I want to create a Client in Java to use for interactions with all the SDK APIs. I want to make calls at a User Principal level. This article…

Relationship between Service Principal and Client Secret

Is the Client Secret a password for the Service Principal? Or is it a password for the global application object itself?

Azure Service Catalog managed application - access different resource group via RBAC

Hello, I have a Service Catalog Managed Application that creates a virtual machine and runs a custom script to download files from an existing blob storage (in a separate resource group). It works when I use an explicit connection string, but I want to…

Windows device category and company portal

Hello, I am new to intune. I have 2 questions that I think are tied together to something I'm missing or didn't find good documentation on. Little background : I work for a company with offices and IT teams split between several locations. All…