I am looking for PowerShell commands or any API, so I can change the Service admin of my subscription. Going over a lot of documents but could not find any commands or API.
Manual Steps
Go to Subscription - Properties
Click Change Service Admin
Select the new ID and click OK
I want to automate the above steps.
thanks,
Div
Related
Is there a way to give Azure Application permissions over Office SharePoint Online API via PowerShell ?
Manually I would:
1. Enter the Azure AD Admin center.
2. Find/Create the application I want to request permissions for.
3. Click on API Access->"Required Permissions"->"+Add"
"Select API"->"Office SharePoint Online"->"Select"
Choose "Read and write items in all site collections" -> "Select" -> "Done"
"Grand Permissions"
If Is not possible can please someone give official link that confirms it?
Currently there is no way to Grant Permissions without someone with Global Administrator role to go to Azure Portal and click Grant Permissions button.
Reference
I'm just starting on this, been going through the Microsoft documentation and the lightbulb hasn't come on yet...
How do I add a user to my subscription so they can login? From there I just need to limit them to Azure Media Services.
I've seen instructions on web for clicking a "Users" button from subscription, but I do not see that. I've tried adding a user through the Azure Active Directory as well with no luck...
Any ideas would be helpful.
Thanks!
James
OK, so I figured this out:
1) Add your user to Active Directory (I added guest user)
2) Go to subscriptions and to your IAM panel
3) Ensure that your new user has access to at least Read the subscription.
(When I did this it allowed me to view my Azure resources as other user)
4) From there I created a role in a JSON file and used New-AzureRmRoleDefinition -InputFile to import it. IMPORTANT: Make sure for permissions you have Microsoft.Media/* and Microsoft.Media/mediaservices/*
5) Once I did this I went to my Media Services IAM panel and added the user to my new Azure Media Services role.
6) Presto! It started working.
Thanks to all who responded to this thread!!!
I've tried adding a user through the Azure Active Directory as well
with no luck...
This is exactly what you need. Create a user in Azure Active Directory (at portal.azure.com) and grant them access to your subscription with the custom role to allow only Azure Media Services (I don't think there's a built-in role for that). To do that, follow the links (to create custom role, to create user and to assign user that role). I don't think you can create custom role using portal, so you will need REST API or powershell\CLI\SDK
Links:
https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles
https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure
https://learn.microsoft.com/en-us/azure/active-directory/role-based-access-control-what-is
https://learn.microsoft.com/en-us/azure/active-directory/add-users-azure-active-directory
I am new to Azure. I am getting myself confused very fast. My company has a project on Azure. We are looking to grant access to our external developers so they can log into our account and build a product for us ( setup a VM with mysql dbs and build an application ).
The only options I see are to invite users from another Active Directory or users who are in my own Active Directory? Is there no option to simply create a sign in credential for a user with say " email at gmail dot com" ?
What am I missing? I have created a Resource group but still can't invite anyone of our external consultants in there.
You can invite any user to manage your resources or your subscription.
There are 3 conditions for it:
You have the right to add it to your Azure AD
you are the owner of the subscription
The 'Guest user' already has an Azure account or a Microsoft Account
Then you have to go to:
Resources/Subscriptions
Access Control
Select a role (i.e. Contributor)
Type in the Account/Email of your external team member
check the checkbox and send the invitation
If you want to create generic users you can go straight forward to your AD and create a user i.e. developer1#contoso.onmicrosoft.com and add this user to the resource/subscription. Don't forget to take note of the credentials you created
So you would use Azure RBAC for that. Just click on the Resource Group > Access Control > Add.
You could also consult this blogpost for best practises.
If you just need them to develop and access SQL or a web App, you can pass the publish profile and SQL connection string to them.
Also, you can setup continous integration for the web App or virtual machine and pass git or GitHub or whatever source control you are using and pass the URL for the project, then they will commit the source code and fire a new build
I have an active directory in MS Azure. I want my colleague to use the same directory so that we can do some RND on the same. I have already created user for them using their hotmail id. I have also changed the user role to "Global Admin" for them. They cant see any option to access the same active directory after log in. Is there any way they will give the url like
https://manage.windowsazure.com/#IamNewInAzurehotmail.onmicrosoft.com#Workspaces/All/dashboard
and log in with their hotmail account.
You need to add him in Administrators List in setting option of Azure Panel.
Steps:
Login to Azure Portal with Root administrator.
Go to left panel and select Setting.
Go to Administrators tab in right side pane.
Click on Add button in task pane and add his hotmail or Organisation ID for Co- Administrator, Select the subscription in which you want to allow him.
Click on tick mark to apply these settings.
My windows azure subscription has been cancelled. I want to update my credit card details and enable it.So please provide steps.
Please follow the link below to create an incident with Windows Azure Commerce Team, and they will provide necessary assistance to get your Subscription enabled and get going:
https://support.microsoft.com/oas/default.aspx?prid=14234&st=1&wfxredirect=1&sd=gn&ln=en-us
once your account has been cancelled the only way to revive it is by going to http://commerce.microsoft.com sign in, make sure you select subscription from the drop down near to your name on the top right side (to check if its the correct, select subscriptions and there should be the subscription that is cancelled) once u r under the correct one, go to payment options and add or change ur credit card... this then will update the service and resume the service... after this is done and everything is cocher, you can go to the account portal of azure and manage payment options from there.
Go to the Windows Azure Account Subscriptions page and change the payment method on your chosen subscription.