Azure Role-based access control

OneDrive -storage is full, can't delete old file versions because a retenetion policy prevents it

Hello I want to delete a retention policy in Microsoft Purview / Data lifecycle management. Theoretically when I click the checkbox on the policy, Edit option should show up. And although I am the Global Administrator - that doesn't happen. Any idea…

Missing Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor roles in Access Control (IAM)

I'm trying to assign roles to managed identity in Cosmos DB, through browser using Access Control (IAM). Unfortunately two build in roles Cosmos DB Built-in Data Reader and Cosmos DB Built-in Data Contributor are not there. How can I add managed…

My development manager needs to be able to set up apps and wants to configure blob and kubernetes, how do i grant him access to do this

I want to set my developer up to be able to create new apps, upload code and add any services needed and am unsure how to do this

What Admin Role Allows Releasing Quarantined Emails?

I am looking to add permissions to an admin account that allows this admin to release quarantined emails. I do not want to give them global admin, but I have not found a admin role that allows someone to release these emails. As a global reader this user…

ACCESSO AZURE

Non riesco ad effettuare l'accesso, ricevo la telefonata per l'autenticazione ma mi appare il messaggio che vedete nello screenshot allegato. Marco Marianelli

Link Audit logs to Groups or Role or Privilege

I am wondering how can I link the audit logs from Azure AD to Role, Group or Privilege? The logs just have the action and the category. Is there a way by which I can understand using what Role or Group privilege this action was taken?

azure.core.exceptions.ResourceNotFoundError: (MissingSubscription) The request did not have a subscription or a valid tenant level resource provider.

Azure Support Team, Requirement: To create a custom RBAC role using Python(3.12) Code is pasted below: On executing the code getting the following error azure.core.exceptions.ResourceNotFoundError: (MissingSubscription) The request did not have a…

"Insufficient privileges to complete the operation" while using Graph API

The access token I get from the following curl request curl "$IDENTITY_ENDPOINT?resource=https://graph.microsoft.com&api-version=2017-09-01" -H secret:$IDENTITY_HEADER does not have the permission to list or create user. Request: GET…

Is Devbox available for GCC High

Working on provisioning a Microsoft Dev Box environment in Azure and ran into a road block creating the Dev Box Definition in the Dev Center. The only error after validation failed I get is: "Image failed to validate. NotAcceptable: The tenant is in…

How to delegate permissions to Service desk team for managing MFA in Azure Active Directory

How to delegate permissions to Service desk team for managing MFA in Azure Active Directory. just MFA reset (revoke and re-register) rights. please suggest

Which permissions or roles are needed to view the details in an application insights dashboard

I have create an application insights dashboard to display information on a AKS cluster and resources. I have also created a security group for the accounts that I would like to allow access to the dashboard. Right now the users within the security…

Custom roles are not returned when i query a users memberof endpoint in graph api

Hi, I have used graph api users memberOf endpoint to get the roles assigned for a user . The response from the endpoint returns all the groups and roles that is assigned for that user , but the custom defined role is not returned . Is there any other way…

Is it possible to receive notification emails when PIM (Privileged Identity Management) assignments are removed?

Hi all, As a global administrator I'm receiving email notifications when users are assigned any PIM Entra roles. However, when those user roles are removed by other administrators I'm not receiving any notifications. Is there any configuration I…

Removing Role Assignments when the Scope is locked - tracking down what to unlock

I've mistakenly added a role assignment (Storage Account Contributor) to a file share. Now that I'm trying to remove that role assignment, I'm receiving an error stating that the scope is locked. When access the locks, the only lock listed is the…

Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"

Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…

Cannot See Index tagging in while uploading Blob in ADLS gen2

Teams calls going to Voicemail after elevating and deactivating access in PIM

When users elevate or deactivates access their calls go straight to voicemail. The only way to fix the issue is to quit teams and reload.

Microsoft Teams

Microsoft Teams

A Microsoft customizable chat-based workspace.

9,202 questions

Sign in to follow

Azure Role-based access control

Azure Role-based access control

An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.

683 questions

Sign in to follow

Required help on correcting the Bicep template for assigning the role assignment at resource level scope

Hi, we are in the process of generating several public IPs using the provided Bicep template. Our goal is to allocate role assignments to all these IPs within the scope of the resource level. However, we are encountering numerous challenges in…

azure kubernetes ingress can't acces key vault's certificate

Okay I have azure kubernetes service with running dockerized app, with ingress(I used creating ingress (preview)) everything works fine except certificate, I created key vault, inside uploaded certificate to use for domain, I have "Azure…

I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users.

I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users. I have assigned myself different admin roles that I can get but still, I can't do such assigning Azure Virtual Desktops to our users. Please help. Thanks.