What is the cause of the following error - "getting assigned identities for pod <namespace>/<pod_name> in CREATED state failed after 20 attempts, retry duration [5]s" , while connecting to IMDS endpoint from a pod in AKS.
I am trying to connect to Azure Key vault via user assigned managed identity from a pod of AKS. I have provided the necessary RBAC role to the identity. I have created Azure Identity and Azure Identity Binding. I have updated my deployment with…
Lighthouse
Hello All, I gave Contributor role (on a subscription) to users via Lighthouse to manage a customer. The users get access with no problem to the customer subscription, can start and stop VM, create a resource group, start and stop backup, etc. The…
How to add new field to request member to input in Microsoft Azure Group
Hi, I have situation like this: I have a group of users, with owners and members. The owners can actually add new members (by typing new members' emails) to the group, to see different reports. However, for the new members, we only want them to see their…
Roles required to create Azure support ticket.
Me and my senior have access to same Azure subscription, when i try to create support ticket with the subscription, it is showing we have only basic plan enabled for our subscription so technical support is not enabled for this, but when my senior…
access to azure storage from React App
Hello, We are running a REACT app on an APP service. The APP has a BACK END in TS and a front end in REACT. In our application our customers can create posts with images. These images must be saved in a blob container. I cannot find the best solution to…
Does such a user have access to adjacent sub-resources?
Hi, I have a question about user permissions Can someone please explain me to better understand user permissions: let's say under tenant root group, I create a user1 and management-group1. Under management group1, I create a subscription1 and user2.…
Could you explain how to configure the following virtual machine settings?
To address the tasks you've outlined, here's a structured approach: For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs. To create a…
How to protect sensitive data in Azure?
I would like to load sensitive data in an Azure Data Lake Storage Gen2. I need to make sure that this data can not be read by the global administrator or any other kind of super user. How can this be realized? I think role-based access control is not…
How to Access APIM API from Azure Function with Managed Identity without OAuth authentication call
I have created a function app to call an API from APIM and I have added security of Auth 2.0 in the API settings. Also I have added Managed identity to the function app , and added that managed identity in APIM IAM to give API Management Service Reader…
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
Identity architecture: Conditional access with MFA
How to use a Conditional Access with multifactor authentication (MFA) in free trial version? Which license are required using Conditional Access? Which better I can use a conditional access under the following web address: - www.portel.azure.com …
Issues with API call to get Azure service tags - Service Tag Discovery API
I am trying to execute API calls to get the Azure IP Ranges and Service Tags – Public Cloud (see link https://www.microsoft.com/en-us/download/details.aspx?id=56519). I was able to setup an Azure account and created an app. I created a Python script to…
Azure portal access invite is failing for READ ONLY user with error 'Invite Redemption failed'
I have invited a user by adding in role based access in Azure portal with read only access. This have generated a meeting invited but while redeeming the meeting invite it is failing with above error. Please help what to check.
Difficulty creating a custom role with specific permissions
Hello, I am trying to create a custom role on the Azure portal that includes a number of permissions from the existing Auth Admin role. However, I cannot find certain permissions such as microsoft.directory/users/authenticationMethods/create,…
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Metadata permissions clarity
Hello, Having a few doubts related to Metadata permissions. What is metadata read/write permissions? What is the use of it, and whether this permission is required for an user who majorly uses only Azure portal for managing the resources? How to…
Unable to remove constraint for owner role
I added a constraint on owner role under "Role assignment condition" I am trying to delete that constraint .Using the following steps But Im getting the following error . Can anyone please guide me with a solution . Appreciate…
Azure Policy: check subscription role assignments
Hi everyone We have different types of users in our Azure AD. Only a certain subset of them are allowed to administer Azure resources. Those all start with "ACO" or "ACA". We now wish to create an Azure Policy that checks whether only…
What pre-built role to read the Microsoft Defender for Endpoint and vulnerabilities
what pre-built role (in intune or Entra ID) can be assigned to read the Microsoft Defender for Endpoint and vulnerabilities, Global Reader and Security Reader can only Read Defender for Identity or Defender for cloud but for some reason can't access to…
Deleting duplicate owner in role assignment leads to lost of Access to Azure Subscription
Hello, Not long ago, I tried assigning roles to my coworkers. When all thing's done, I saw that there are 4 duplicates of my account in the owner role, so i tried deleting 2 of those role. After that azure portal won't let me in with message saying I'm…