Adding Users to Azure Log Analytics via the Azure Portal

  • Article

Azure Log Analytics is the system used to run Services Hub On-Demand Assessments. Currently, user management is handled through the Azure Portal (not the Azure Log Analytics-specific user management features). This will enable customers users to add/remove/configure assessment as well as linking. (Scenario 2 is for Azure Log Analytics access only & people with @microsoft email addresses are recommend to use Scenario 2)

To add a new user to an Azure subscription, follow these steps.

Add a New User to an Azure Subscription

Note

Only someone with an ‘Owner’ designation can add users to a subscription.

Scenario 1 - Add someone from your organization/tenant

  1. Sign in to Microsoft Azure portal and navigate to Subscriptions in the left-hand navigation bar. If you don't see Subscriptions, scroll down and click More Services and search for it.

Microsoft Azure window, which shows a list of the organization's Azure Subscriptions.

  1. Once selected, Subscriptions will display a list of the Azure Subscriptions your organization manages.

  2. Select the Azure subscription that’s associated with the Azure Log Analytics workspace and linked to the Services Hub account you want to add users to.

  3. Click Access Control, then Add.

  4. Next, select a Role and add the email address of the person you want to add. Once done, click Save.

Note

We recommend you add users as an Owner or Contributor to assure that users have the permission needed in Azure Log AnalyticsS to add, remove, and configure assessments._

Microsoft Azure window, which shows that a user has been successfully added to a role.

  1. If you added people using their Microsoft Accounts/Live IDs, see Authenticating a Managed Services Account Holder in Azure.

Scenario 2 - Adding someone from outside your organization/tenant

  1. Sign in to the Azure portal and navigate to Log Analytics in the left-hand navigation bar.

Microsoft Azure Portal window, which shows a list of Log Analytics workspaces within the user's organization.

  1. Once selected, Log Analytics will display a list of the Azure Log Analytic workspaces within your organization manages.

  2. Select the Azure Log Analytics workspace that is linked to your Services Hub to add users to.

  3. Click Access Control, then Add.

  4. Next, select a Role and add the email address of the person you want to add. Once done, click Save.

  5. If the user you add is not part of your tenant, that user will receive and email to finish the process and have access to the Azure Log Analytic workspace. If the portal doesn't let you invite the email ID you are trying to add, your Azure Active Directory Global Administrator might have blocked Invite Guest Users feature. To learn how to invite guest users, see Invite Guest users to your active directory.

Note

We recommended you add users as a Log Analytics Reader to grant @microsoft users access to your Azure Log Analytics workspace to view your assessments. They will not have access to your Azure subscription.

Caution

If the "Invite External User" rule is blocked on the Azure Active Directory the above option to invite a user will be greyed out. You will have to ask the Azure Active Directory Global Administrator to invite the @microsoft user. To do that, please follow the below steps.

  1. Sign in to the Azure portal and navigate to Azure Active Directory in the left-hand navigation bar.

  2. Locate Roles and Administrators on the left pane and search for Global Administrator

  3. Once selected, you will be able to see who the Azure Active Directory Global Administrator is and anyone on that list would be able to invite the guest user.