User don’t have authorization to perform action 'Microsoft.Resources/deployments/validate/action
Whenever a new user added to the directory tries to deploy custom azure templates, they get the following validation error - User don't have authorization to perform action 'Microsoft.Resources/deployments/validate/action Following roles are already…
Problem to generate blob storage SAS-token in WebApp
Hi, First I want to let you know that I'm beginner with Azure. I have a problem to generate SAS-token (view-access token) for my blob storage container in my webapp server code. I'll get an 403 (unauthorized) error when trying to generate the token. I…
Azure Subscription showing Owner role identity not found.
Hello, I am facing a strange issue. When I am checking my Azure Subscription, Access control (IAM) - The owner role is showing - Identity not found, Unable to find identity. Here is the screenshot. Can you help? Thanks, Anuraj
Build in Rbac Monitoring
I used this Azure document to create a build in rbac alert https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-alert But the problem is, after the alert was created I am not receiving an email when the rbac is assigned to…
"Insufficient privileges to complete the operation" while using Graph API
The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…
How to assign Reader Access to an Azure SQL Database
Is assigning a Reader Role access in the Azure Server level to XXXXXXX-sql-01.database.windows.net sufficient to view/read tables or databases hosted on the SQL Server? How can I properly assign a Reader role to XXXXXXX-sql-01.database.windows.net?
Move Subscription to Management Group
Hi Team, We have created management groups (have Owner access) and have a few subscriptions with Owner access. When we try to move the subscriptions to the management groups from portal , getting error as below Add subscription failed. An error…
I need to create a policy that blocks sign in of M365 accounts if MFA is not enabled, How do I do this?
Hi, as described above, I need to create a policy that blocks sign in of office 365 accounts, if the account in question does not have MFA enabled on it, how can I achieve this? Thanks!
How to create an alert for azure storage account if there is data action permissions assigned to a custom role or a built in role
I want to create an alert using a Kusto query when a custom role is assigned data action permissions for azure storage account or a current role is modified with the data action permissions for the azure storage account
Giving access to multiple Resource Group
Can you please help me how to give Contributor access in 'managedidentity1' to multiple resource group (eg : RG1, RG2, RG3)?
How to change account administrator for an Azure subscription
Hi guys, I have to change classic subscription administrator roles (I know they will be retired next year), because I don't want the guy who created the subscription to have those roles anymore. To do that I logged in with his account and changed the…
Errors Role assignment creation failed & subscription identifier is malformed or invalid.
I am preparing for Azure DevOps exam. Using this link, trying to create service principal. (link:…
Deleted Virtual Network restricting access of my Global Admin account
Hi, I have an issue where if I try to run certain commands or do certain actions I am being blocked from doing so. When running commands in Powershell, such as "Set-AzWebApp", I get a "BadRequest" error. It becomes a little clearer…
Why ceating private endpoint in existing key vault blocks the public access from all network as well as selected network fails?
In Key Vault, Customer firewall is set to public and some to selected network with list of IPs. As soon as we create private endpoint, all other previous connection with pubic/selected network fails. But based on below documentation, I would like…
Possible in azure to view roles required to view specific resource?
So I am wondering if you can view through IAM or some other blade what role is necessary to access resources. EX. with Key Vault, To be able to view and change keys and secrets you need "Key Vault Administrator" Role. When Clicking "View…
Granting permission to managed identity for PIM approvals
I am building a logic app that will send adaptive cards in teams to PIM role approvers when a user requests to activate it. However, I am unable to find a way to allow a managed identity within the logic app to authenticate via the graph API to approve…
As a global administrator, my access seems to be limited
It seems having some issues with using azure portal starting today, the account of our company seems to be limited to access those features that we normally used in the past. Please see the following screenshots and help us out, thank you.
How to transition from classic administrators to RBAC for a one-man shop?
I am the only Owner and the only Service administrator for the subscription. There are no Co-Administrators. What should I do to carry out the instruction in the email, "Action required: Transition from Azure classic administrator roles to RBAC…
I want Global Reader access but no access to subscription billing information // Or need to know if I can see actual billing cost related information with Read access
microsoft.commerce.billing/allEntities/allProperties/readRead all resources of Office 365 billingmicrosoft.commerce.billing/allEntities/allProperties/readRead all resources of Office 365 billingmicrosoft.commerce.billing/purchases/standard/readRead…
How to transition from classic administrators to RBAC for a one-man shop?
I am the only Owner and the only Service administrator for the subscription. There are no Co-Administrators. What should I do to carry out the instruction in the email, "Action required: Transition from Azure classic administrator roles to RBAC…