When I log in to Azure and list all subscriptions I see a list of 9 tenants (see pic).
via this url: https://portal.azure.com/#settings/directory
However, when I use Get-AzTenant I only get 4?
How can I programmatically obtain a list of all 9 accessible Tenants?
Thanks.
Check whether you have access to all the tenants listed in your Azure Directory, because the cmdlet Get-AzTenant returns the list of tenants if your account is authorized with those tenants, as mentioned in this MS Doc.
I have given access to only one tenant for one of the users and checked by logging in with that user's credentials:
Related
My goal is to get the Azure AD users who have been assigned the Classic Administrator role in an azure subscription.
I use the REST api's Classic Administrators - List to retrieve all classic admins but it returns an Email which is not unique enough and an ID called netId/puid which is not present on the user returned from the Graph API.
I followed the Azure Portal's network to see how it gets the users for AAD but it queries the Graph API with an internal API version '1.61-internal' that I can't use.
Does anyone know of a way to retrieve this information?
Thanks
There is not an exposed API to match netId/puid with users.
But you can get the puid from the access token.
Or you could use the Microsoft 365 PowerShell cmdlet Get-MsolUser -UserPrincipalName "{upn}" | fl to get the user and find the LiveId property.
Record the puid or LiveId above and the corresponding user information to your local configuration file and match them with the name property in response of Classic Administrators - List.
Then you can get the corresponding users who are classic Administrators.
It's just a workaround and there are many workloads. I don't think it is a good method but there is no other way.
I want to make the user log in to my custom application and get the list of tenants, and once I have it I want to make other Graph API calls, like getting the list of Azure Resource Groups, etc.
I want to build a similar experience to the one we see in the Microsoft Documentation (Try It) section, so that to get details from the user's Azure account I won't have to create an Azure AD application in their subscription.
For e.g.
In our current Azure tenant we have 100's of subscriptions; user access is managed by Azure AAD groups.
How can I view the roles assigned to a group? Assume 1 group had access to only 1 subscription out of 100 subscriptions; then from the portal I need to select each and every subscription in the group's Azure role assignment page.
I wonder, is there any direct way to fetch this using PowerShell?
Thanks
dev
Usually we use the Get-AzRoleAssignment command to list all the role assignments that are valid on the scope. If no parameters are specified, this command will return all the role assignments made under the subscription.
For your problem, you want to use a security group to filter this list, just use the Azure AD group ObjectId parameter:
Get-AzRoleAssignment -ObjectId <your group objectid>
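The per-subscription lookup above, repeated over every subscription the signed-in account can see, as an added example that is not part of the original answer. It assumes Connect-AzAccount has already been run; the script parameters and the output file name are hypothetical.

```powershell
# Added example: report every Azure role assignment held by one Azure AD group
# across all enabled subscriptions visible to the signed-in account.
param(
    [Parameter(Mandatory)]
    [string]$GroupObjectId,                              # object ID of the Azure AD group
    [string]$OutFile = '.\group-role-assignments.csv'    # hypothetical output path
)

$subscriptions = Get-AzSubscription | Where-Object { $_.State -eq 'Enabled' }

$results = foreach ($sub in $subscriptions) {
    try {
        # Get-AzRoleAssignment queries the subscription of the current context,
        # so switch context before each lookup.
        Set-AzContext -Subscription $sub.Id -Tenant $sub.TenantId -ErrorAction Stop | Out-Null

        Get-AzRoleAssignment -ObjectId $GroupObjectId -ErrorAction Stop |
            Select-Object @{ n = 'SubscriptionName'; e = { $sub.Name } },
                          @{ n = 'SubscriptionId';   e = { $sub.Id } },
                          RoleDefinitionName, Scope, ObjectType
    }
    catch {
        # A subscription the caller cannot read is reported, not silently dropped.
        Write-Warning "Skipped $($sub.Name) ($($sub.Id)): $($_.Exception.Message)"
    }
}

# Subscriptions where the group has no assignment produce no rows.
$results | Sort-Object SubscriptionName, Scope |
    Export-Csv -Path $OutFile -NoTypeInformation

# Surface the assignments that matter most in an access review.
$results |
    Where-Object { $_.RoleDefinitionName -in 'Owner', 'User Access Administrator', 'Contributor' } |
    Format-Table SubscriptionName, RoleDefinitionName, Scope -AutoSize
```

Assignments inherited from a management group appear once per subscription they apply to, with the management group path in the Scope column.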
In MS Graph API docs there is List appRoleAssignments granted to a group : https://learn.microsoft.com/en-US/graph/api/group-list-approleassignments?view=graph-rest-1.0&tabs=http
Test it under MS Graph
You can use Microsoft Graph PowerShell SDK https://github.com/microsoftgraph/msgraph-sdk-powershell
Here is sample code - for example for fetching groups:
https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/samples
Is there an API to get all Tenants or Active Directories under your account?
Thanks!
You could use Tenants - List to get the tenants for your account. It's easy to click the green "Try it". Then you will get all the tenant IDs for your account.
https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks#supported-resources states that Azure AD based resources are subject to a Per app and tenant combination: 7 total subscriptions
Calendars are assigned to users. Does this mean that they are "Azure AD based resources"?
I'm hoping to be able to have hundreds of subscriptions active for a single tenant.
Well since the line reads:
Certain limits apply to Azure AD based resources (users, groups) and may generate errors when exceeded:
I'd assume it only applies to users and groups which reside in Azure AD. Office 365 Calendars do not, MS Graph API gets them from the Outlook Calendars API.
And it's not too hard to test this, try creating 8 subscriptions :)