How do you find out the source of the user creation in Azure AD, for example, if the user was created via an HR cloud solution? We're using powershell and need to implement some changes to users that were created by the HR solution and not the users created directly on Azure AD. Your help is appreciated. Thanks.
Check the audit logs of your Azure Active Directory
Related
Is it possible to dynamically create an Azure Active Directory over the Azure shell or from C#?
The only documentation I was able to find is this https://learn.microsoft.com/en-us/cli/azure/ad?view=azure-cli-latest describing some commands but it does not explain how to create a new tenant or Azure AD B2C.
We are builing an application for a lot of client organization. Each organization would need an own active directory and database to seperate them from each other logically and securly. That's why we want to dynamically create active directories. We don't want the client to wait and we don't want to manually create everything for each one.
Thank you for your help!
It is not possible to create a Azure Active Directory using Azure Shell or C#. A tenant represents an organization in Azure Active Directory.
Azure AD service instance that an organization receives and owns when it signs up for a Microsoft cloud service such as Azure, Microsoft Intune, or Microsoft 365
We have a Office365 account that uses Azure Active Directory for our company e-mail accounts. We have a totally separate (different login) Microsoft Azure account that we have been using without touching Azure Active Directory within.
We are looking to implement Azure Active Directory within our apps, and would like to use our existing O365 Active Directory since it already has all the users created. Is there any way for us to somehow link our Azure account to the O365 account so we can use that active directory in our Azure account?
I have found some examples, but they all seem to use the premise that you are logging into both Azure and O365 with the same credentials. That is not how ours is setup unfortunately.
If you are interested in combining the two (usually keeping O365 identities and making that AAD the default for your Azure subscription), you can contact Microsoft directly and they will be able to manually pair the two. As of 6 months ago (last time I did this) there was no way to do this yourself without assistance from MS.
You can open tickets through the Azure portal or the Office 365 web site.
Found a article that got me pointed pointed in the right direction and I was able to get this done:
How to associate or add an Azure subscription to Azure Active Directory
Ultimately I needed to have one Microsoft account that had sufficient permissions on both Active Directory tenants. It was tricky because both accounts were different Microsoft accounts using the same e-mail address, and either directory would not let me add another account with a duplicate e-mail address. I used a separate Microsoft account and added it as a AD guest on both directories. Once that was done, I was able to login with the new account with access to both directories and pick which directory I wanted to use within my Azure account.
I'm developing a cloud service and I would like clients to be able to grant my azure acount permissions to programatically deploy an application in their account. Is there a way of doing this?
For security reasons, I don't want them to simply create a new account for me. I know this can be done in AWS but having trouble finding out how to do it in Azure.
You can use Azure Active Directory to create an account or modify a current account.
They are give you permission to deploy across the subscription or they can give you contributor access to resource groups.
Is it possible to programmatically create a Azure Active Directory within a Azure subscription.
I have looked through the Azure Management API's and can see methods to create VM's, databases but not WAAD's.
If it is possible. How many WAADs can be created per subscription?
No, it isn't possible to create Azure Active Directories programmatically.
As Jeff pointed, the directories listed in the Azure AD node are not contained in the subscription - but instead are the directories in which the currently signed in user account exists.
I would like create a new Active Directory in Azure with powershell.
Do you know the cmdlet to do this ?
Thank you !
You cannot create Windows Azure Active Directory tenant using PowerShell.
First of all, you do not create Azure Active Directory. It is already created and managed by Microsoft. What you create is a tenant within Azure Active Directory. And you cannot just create it. Especially using just some API.
Windows Azure AD tenant is being created when someone creates an Office365 Subscription, or Microsoft Intune Subscription, or Windows Azure Subscription and so on.
Read carefully through the entire article here, in order to understand what is Windows Azure AD Tenant, how it is created and where it is used.