Automatically disable to report inactive account in Azure / Entra ID?
I'm curious if there's a built-in feature in Microsoft Entra ID or Azure AD that can automatically disable or remove users whose SignInActivity logs and LastSuccessfulSignInDate are empty. I need to disable them if no activity has been logged in the…
VA2107 - Remove members who should not have access to the database role
ALTER ROLE [UserRole] DROP MEMBER [Principal], is this the correct remediation script for VA2107
Custom role created at the resource group level
I have created a custom role at the resource group level, however I need to duplicate this across multiple environments and I would like to know the most effective way to do this. I am concerned if I need to alter the role slightly, it can get cumbersome…
disableLocalAuth for cosmos db
Attempting to use RBAC authentication to connect to Cosmos DB results in different behaviors based on the disableLocalAuth setting. When disableLocalAuth is set to false, the connection to Cosmos DB is successful, and data can be retrieved. However,…
Is Git available for powerapps gcc?
I have been searching high and low for documentation on connecting git to a GCC account. I wanted to know it was even possible to do?
Creating a custom role at the resource group level to prevent network changes
I am trying to create a custom role at the resource group, this role should deny access if a user tries to change network settings on any azure resource within the resource group. ITs currently not working as users are still able to create a private…
Who can share files to people outside your organization
a member of the teams site is not allowed to share a document with a person outside the org. Iam the site owner and can share. Only owners can do that?
Possible to create a policy that will automatically assign user/group RBAC roles based on tags
Is it possible to create a policy that will automatically assigned users/groups to RBAC roles for an RG based on the tags? If so, can you reference a template for this?
Is it safe to add the global "Microsoft Azure App Service" to Key Vault Role Assignments
Unfortunately, it seems that KeyVault Certificates are currently still in an unstable state where RBAC is not properly implemented. Further details of the specifics and a solution to the problem can be seen here…
Is role inheritance applied to resources in the Resource Group?
Hello, I have a regarding role inheritance that I would like to get your help. Is role inheritance applied to resources in the the resource group? Thanks, Dun
Az CLI command for Role Assignment create for a AD group which should valid for 4hours
Hi Ref:https://zcusa.951200.xyz/en-us/cli/azure/role/assignment?view=azure-cli-latest#code-try-5 i have privileged access PIM to create the role assignment using the below command sh 'az role assignment create --assignee-object-id <obj_id>…
AADSTS50011 Error when referencing Azure Active Directory Powershell
I'm attempting to set up a controlled-access computer such that users can only access the machine if they are in a corresponding Security Group. The code I've been advised to run for this setup is below. When I run it, I get an AADSTS50011 error when I…
not able to change access configuration policy
CODE InsufficientPermissions MESSAGE RAW ERROR Caller is not allowed to change permission model. For more information on how to change the permissions model follow this link: https://go.microsoft.com/fwlink/?linkid=2155160. Details:…
Impossible operate on my Azure Free account
Hi all, after deleted erroneously some role from my user, I'm no longer able to operate with my subscription/account. I deleted some role from my user and now it seems be blocked. I'm not able to add permission/role again. It's a deadlock. I'm trying to…
I am uanble to upgrade my account because my billing access was changed automatically by Azure
Recently my account was disabled. I would like to find out how to enable it and upgrade it. Its not letting me upgrade.
Application gateway listener error when trying to use key vault certificate using managed identity and RBAC
Hi, I'm trying to setup a listener in application gateway to use a certificate from keyvault using managed identity. But every time whne I choose in portal the managed identity and then select the key vault from the dropdown menu I get this error: …
In Microsoft Defender for cloud I’m trying to enter an email but it gives me privilege error and I am Global Admin
Hi Team In Microsoft Defender for cloud I’m trying to enter an additional email addresses but it gives me privilege error and I am Global Admin Regards
Unable to add non-Global Admin account to sign in to a Windows PC
I am helping a small company who signed up for Microsoft 365 to use Office applications. The domain mydomain.com has been created at Microsoft 365 and Exchange is running fine. Users are using their Microsoft 365 accounts to log in to office.com to…
Unable to set 'server parameters' in Postgres SQL Flexible Server on Azure
HI All, I'm trying to set a dynamic parameter, require_secure_transport parameter on Azure Database for PostgreSQL flexible server. I've got contributor rights but getting the following error. The client 'xxx@xxx.xxx' with object id 'xxx' does not have…
Can the role "Authentication Administrator" configure passwordless authentication?
With the task: "You need to configure passwordless authentication. The solution must follow the principle of least privilege." Which role should be assigned to complete the task? I would say Authentication administrator, but the…