Limit access to your tenant
By default, everyone who can log in to your Azure Active Directory (AAD) has access to your Azure Sphere tenant and can push new or modified applications to your Azure Sphere devices. To ensure greater security, you can limit access by setting enterprise application permissions for the Azure Sphere API.
You must be a Global Administrator or Application Administrator for the AAD to set enterprise application permissions. By default, the person who signs up for the Azure subscription has this role. Learn more about AAD roles.
Follow these steps to limit access to specific users or groups:
Open the Azure Portal and sign in with your AAD credentials.
Ensure that you are a Global Administrator or Application Administrator for the directory. In the left panel, select Azure Active Directory, then choose Roles and Administrators in the center. Your role is displayed at the top of the rightmost panel:
Select Enterprise Applications in the center panel, below Roles and Administrators.
In the Enterprise Applications screen, select Azure Sphere API.
In Azure Sphere API Properties, set Enabled for users to sign in? and User assignment required? to Yes and select Save.
Under Manage, select Users and Groups, and then select Add to add users.
In the left panel, select Users or Groups (if your Active Directory plan supports groups) to add individual users or groups to your Azure Sphere tenant. Then, in the pane to the right, select the users or groups to whom you want to grant access and choose Select.
Click Assign to add the selected members to the tenant. You should see a list of the users in the panel to the right.