question

0 Votes
RajaAravapalli-0457 asked RajaAravapalli-0457 commented

Get-AzureADMSPrivilegedResource cmdlet is failing with Gateway Timeout! <AzureADPreview module>

Hi

I want to elevate an Azure resource through PIM elevation. After a long search, I found that AzureADPreview is the module that helps me do that!

But I am not able to move forward, as I keep facing this Gateway Timeout error when I try the command below!

 Get-AzureADMSPrivilegedResource -ProviderId AzureResources


I have tried all of the below to ensure that I am logged into the Azure account...

Connect-AzAccount
Connect-AzureAD
Connect-pimservice
Connect-MgGraph
Connect-Graph

Also, I had set the subscription in context, but no luck!

Below are the links I referred to ...

102491-image.png


102482-image.png


azure-ad-privileged-identity-management

1 Answer

0 Votes
amanpreetsingh-msft answered RajaAravapalli-0457 commented

Hi @RajaAravapalli-0457 · Thank you for reaching out.

The Gateway Timeout error occurs when you are unable to reach the required Azure endpoint.

When you run the Get-AzureADMSPrivilegedResource -ProviderId AzureResources cmdlet, a Graph call is made in the backend. You may try using Graph Explorer to make this call directly.

  1. Open Graph Explorer in an in-private browser session.

  2. Click the sign-in button in the left pane and sign in with a Global Administrator account.

  3. Call: GET https://graph.microsoft.com/beta/privilegedAccess/AzureResources/resources/

  4. If the above call fails with 401, click on Modify Permissions and grant consent for the PrivilegedAccess.ReadWrite.AzureResources permission.

  5. If it fails with a Gateway Timeout error, check with your network team whether traffic for graph.microsoft.com is being blocked.

If possible, use an Azure VM with unrestricted internet access to try these steps and run the Get-AzureADMSPrivilegedResource cmdlet.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


@amanpreetsingh-msft Thanks a lot for the response.

Can you please help me understand what this Global Administrator account means?

I am just a user of different Azure resources like Data Factory / Databricks etc. Every time I need to work with a production Azure resource, I am struggling to do that elevation of access only through the Azure Portal.

I am trying to have this elevation of access through PowerShell cmdlets using the AzureADPreview module ... but unfortunately ... I am not able to do this.

Even in Graph Explorer, as I am not a Global Administrator, I am not able to query the resources.

In general, how does one get Global Administrator access? Any pointers, please?

0 Votes 0 ·

Hi @RajaAravapalli-0457 · Global Administrator is a role with maximum privileges in Azure AD. You may also use the Privileged Role Administrator role for this purpose, as this role just provides admin access for PIM.

To assign a directory role, an administrator of your Azure AD tenant needs to navigate to:

Azure Portal > Azure Active Directory > Roles and administrators > Select Global Administrator or Privileged Role Administrator > +Add Assignment > Select your user account > Add.

If you are added as a standard user account, you will not be able to perform the above steps. You will have to contact your IT department and work with them to provide you with this access.

1 Vote 1 ·

@amanpreetsingh-msft Thanks a lot for detailed response. That helps!

0 Votes 0 ·
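
The diagnostic steps from the answer above, scripted as an added PowerShell example (not part of the original thread and not code from the AzureADPreview or Microsoft Graph modules). The function name `Test-PimGraphEndpoint` and its parameters are hypothetical, and it assumes the caller already holds a Microsoft Graph access token.

```powershell
# Added example: hypothetical helper that separates "network path blocked"
# from "token lacks permission" for the Graph call behind the cmdlet.
function Test-PimGraphEndpoint {
    [CmdletBinding()]
    param(
        # Assumption: a Microsoft Graph bearer token supplied by the caller.
        [Parameter(Mandatory)] [string] $AccessToken,
        [string] $Uri = 'https://graph.microsoft.com/beta/privilegedAccess/AzureResources/resources/',
        [int] $TimeoutSec = 60
    )

    $graphHost = ([uri]$Uri).Host

    # Step 1: raw TCP reachability on 443, independent of token and permissions.
    $tcp = Test-NetConnection -ComputerName $graphHost -Port 443 -WarningAction SilentlyContinue

    # Step 2: the same GET the answer runs in Graph Explorer.
    $status = $null
    $detail = $null
    $request = @{
        Uri             = $Uri
        Method          = 'Get'
        UseBasicParsing = $true
        TimeoutSec      = $TimeoutSec
        Headers         = @{ Authorization = "Bearer $AccessToken" }
    }
    try {
        $status = [int](Invoke-WebRequest @request).StatusCode
    }
    catch {
        # Windows PowerShell 5.1 and PowerShell 7 both expose the HTTP response,
        # when there was one, as Exception.Response; it is $null on DNS/connect/timeout failures.
        $detail = $_.Exception.Message
        if ($_.Exception.Response) { $status = [int]$_.Exception.Response.StatusCode }
    }

    # Step 3: map the outcome to the next action named in the answer.
    $diagnosis = if ($null -eq $status) { 'No HTTP response (DNS, proxy or firewall); see Detail.' }
        elseif ($status -ge 200 -and $status -lt 300) { 'Call succeeded: endpoint reachable, token accepted.' }
        elseif ($status -eq 401) { 'Unauthorized: grant consent for PrivilegedAccess.ReadWrite.AzureResources.' }
        elseif ($status -eq 504) { 'Gateway Timeout: ask the network team whether graph.microsoft.com traffic is blocked.' }
        else { 'Status not covered by the answer; see Detail.' }

    [pscustomobject]@{
        Host = $graphHost; TcpPort443Open = $tcp.TcpTestSucceeded
        HttpStatus = $status; Diagnosis = $diagnosis; Detail = $detail
    }
}
```

Running it once from the affected workstation and once from a host with unrestricted internet access, as the answer suggests, shows whether the failure follows the network path or the account.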