Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
689 questions
1 answer
Received error while deploying Bicep. Error: "The role assignment request schedule is invalid. (InvalidRoleAssignmentRequestSchedule)"
Hi Team, I'm currently utilizing Bicep to enable Azure AD Privileged Identity Management (PIM) with a custom role. I've created an AD Group and assigned a Custom Role to it, which includes the following actions: "Microsoft.Authorization//read",…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 63%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 53%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
0 answers
Teams calls going to Voicemail after elevating and deactivating access in PIM
When users elevate or deactivates access their calls go straight to voicemail. The only way to fix the issue is to quit teams and reload.
Microsoft Teams
Microsoft Teams
A Microsoft customizable chat-based workspace.
9,292 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
689 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(182.40000000000003, 39%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBW%3C/text%3E%3C/svg%3E)
1 answer
One of the answers was accepted by the question author.
Required help on correcting the Bicep template for assigning the role assignment at resource level scope
Hi, we are in the process of generating several public IPs using the provided Bicep template. Our goal is to allocate role assignments to all these IPs within the scope of the resource level. However, we are encountering numerous challenges in…
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(19.2, 44%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
1 answer
azure kubernetes ingress can't acces key vault's certificate
Okay I have azure kubernetes service with running dockerized app, with ingress(I used creating ingress (preview)) everything works fine except certificate, I created key vault, inside uploaded certificate to use for domain, I have "Azure…
asked 2023-11-13T16:40:27.4233333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 96%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGK%3C/text%3E%3C/svg%3E)
Giorgi Kurdadze
0
Reputation points
answered 2024-05-08T09:49:50.1333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(268.8, 89%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPS%3C/text%3E%3C/svg%3E)
Patricia Silva
0
Reputation points Microsoft Employee
1 answer
I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users.
I am already an Azure Global Admin for our company but still, I cannot assign AVD/VMs to our users. I have assigned myself different admin roles that I can get but still, I can't do such assigning Azure Virtual Desktops to our users. Please help. Thanks.
asked 2024-05-08T06:13:41.8166667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(150.4, 20%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
Jordan Guillermo Admin
0
Reputation points
answered 2024-05-08T07:02:06.9733333+00:00
Luis Arias
5,136
Reputation points
2 answers
One of the answers was accepted by the question author.
I need to assign a policy to the tenant root management group from a new user account.
what is the role needed for the user? How to do it?
asked 2024-05-01T18:56:11.2833333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 2%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELC%3C/text%3E%3C/svg%3E)
Linares Carramolino, Maria Concepción
20
Reputation points
accepted 2024-05-06T06:50:16.8133333+00:00
Linares Carramolino, Maria Concepción
20
Reputation points
0 answers
Azure B2C Sign In & Sign Up custom field still showing asterix on non-mandatory field
Hi Were using Azure B2C and specifically the Sign In 7 Sign Up User flow with our own Sign up template. I have added a custom field - 'Mobile Number' and we had previsouly set it to be mandatory. This rightly shows an asterix next to the label to inform…
asked 2024-04-30T10:34:52.4433333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 81%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENH%3C/text%3E%3C/svg%3E)
Neil Hodges
0
Reputation points
commented 2024-05-03T13:25:59.1633333+00:00
Neil Hodges
0
Reputation points
1 answer
If a user want to assign a policy to the tenant root management group, what role can do this?
Global administrator role? Owner role of the subscription?
asked 2024-04-24T12:40:39.39+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 95%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESQ%3C/text%3E%3C/svg%3E)
Shaojun Qin
100
Reputation points
commented 2024-05-03T04:21:57.45+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
Navya
4,860
Reputation points Microsoft Vendor
1 answer
One of the answers was accepted by the question author.
AuthorizationPermissionMismatch error when accessing blob file with indirect permission in RBAC
Hi, I'm using BlobContainerClient for accessing blobs from code (C#) private async Task<BlobClient> GetBlobClientAsync(string blobName, string container, CancellationToken cancellationToken) { var containerClient = await…
Azure Storage Accounts
Azure Storage Accounts
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
2,781 questions
Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,511 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
689 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,423 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,951 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(86.4, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKZ%3C/text%3E%3C/svg%3E)
0 answers
Discussion around different ways to implement PIM for Azure resources
I've found there are two ways to use PIM to grant access to Azure resources and I'd like to understand the differences, if any, between the two. The outcome is the same however the process/workflow to achieve it is different. Method 1 Create an Entra ID…
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,033 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
689 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,951 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 21%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 75%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
0 answers
Elevated Access for Azure AD Users
Hey guys, I'm managing 100 Azure AD users who utilize corporate-owned laptops for signing in and performing tasks. All these users are configured as standard users. Therefore, when the IT team runs an application with elevated access or doing…
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,881 questions
Azure Role-based access control
Azure Role-based access control
An Azure service that provides fine-grained access management for Azure resources, enabling you to grant users only the rights they need to perform their jobs.
689 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,951 questions
asked 2024-04-30T01:43:13.8666667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(118.4, 94%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Mo
0
Reputation points
edited the question 2024-04-30T09:04:00.3066667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Givary-MSFT
28,756
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
Azure Key Vault RBAC permissions required for APIM to retreive a cert?
Hi I have a Azure API manager setup and want to add a custom domain. We have deployed Azure Key Vault and uploaded a certificate. We have deployed Key Vault with the recommended "role-based access control" We have given the APIM managed…
asked 2024-02-18T20:52:19+00:00
SKT
141
Reputation points
commented 2024-04-29T22:32:57.6466667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 92%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEJ%3C/text%3E%3C/svg%3E)
Erik Jensen
0
Reputation points
2 answers
Assign RBAC "Key Vault Administrator" role to Azure App via C# (.NET SDK)
I use below C# code create KeyVault with RBAC permission model. using KeyVaultModels = Microsoft.Azure.Management.KeyVault.Models; KeyVaultModels.VaultProperties vaultProperties = new KeyVaultModels.VaultProperties() { EnableRbacAuthorization = true, …
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 48%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 45%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
2 answers
One of the answers was accepted by the question author.
What role will I have when I migrate a subscription to a new Tenant/Directory?
Hi All, Starting in September 2024 Classic Admins will be removed. I am wondering what is going to happen when I do a migration (directory change) of a subscription from one tenant to another. Usually the user who does the "Change Directory"…
asked 2024-04-24T09:31:31.7566667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 80%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJD%3C/text%3E%3C/svg%3E)
John Doyle
51
Reputation points
commented 2024-04-26T09:21:50.7633333+00:00
John Doyle
51
Reputation points
2 answers
One of the answers was accepted by the question author.
To add a backend pool and health probe to loadbalancer, which role is needed?
Network contributor on loadbalancer level? Network contributor on the resource group level?
asked 2024-04-24T14:16:48.4233333+00:00
Shaojun Qin
100
Reputation points
accepted 2024-04-25T02:59:51.3+00:00
Shaojun Qin
100
Reputation points
1 answer
How to fix - MsalClaimsChallengeException: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
Working on azure web app and it was working fine , suddenly i am getting below error MsalClaimsChallengeException: AADSTS53003: Access has been blocked by Conditional Access policies. The access policy does not allow token issuance. The same app is…
asked 2024-04-23T07:22:46.7333333+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 56.00000000000001%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
SohamPrasad Girde (Wipro Designit Services, Inc.)
20
Reputation points Microsoft Vendor
commented 2024-04-23T13:30:46.22+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 28.999999999999996%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDM%3C/text%3E%3C/svg%3E)
Domooney-MSFT
2,551
Reputation points Microsoft Employee
1 answer
I can't see Resource Group.
I got a role but I can't see AI_SERVICE resource group. I tried to login again and clear cache and login again & tried with other browsers. But nothing worked. How can I solve this issue?
asked 2024-04-22T08:04:00.62+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 71%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EE%3C/text%3E%3C/svg%3E)
evan
0
Reputation points
answered 2024-04-22T13:30:14.3333333+00:00
VenkateshDodda-MSFT
19,401
Reputation points Microsoft Employee
1 answer
How to assign Azure Policy to a role or restrict user access to resource groups they did not create?
In our Azure subscription, each member has "Contributor" role at the subscription level. However, some people are creating high-cost resources, which we want to restrict. I found Azure Policy and denied the creation of those resources, but…
asked 2024-04-16T07:56:13.25+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(147.20000000000002, 66%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBR%3C/text%3E%3C/svg%3E)
Bueyuekgebiz, Rahmiye Buesra (T CST SEL-DE)
0
Reputation points
answered 2024-04-22T10:06:50.4966667+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT
15,241
Reputation points Microsoft Employee
1 answer
One of the answers was accepted by the question author.
need to remove RBAC role when try to delete resource group before
In azure, i want to delete resource group. It is need to remove RBAC role that has been assignment to this resource group first? And then i can delete resource group. And it will release that RBAC role what has assignment on this resource group?
asked 2024-04-18T10:15:28.63+00:00
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 46%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHW%3C/text%3E%3C/svg%3E)
Huang, Winston-HR
280
Reputation points
accepted 2024-04-22T06:31:59.8566667+00:00
Huang, Winston-HR
280
Reputation points