Set-AzureADuser failing - azure

Trying to streamline our MFA process by manually uploading the -Mobile attribute to Azure in powershell, so that when the user goes to do MFA, it's already filled in.
Set-AzureADUser -ObjectId $emailaddress -Mobile $cellphone
This actually worked before, but now all of a sudden I'm getting
Set-AzureADUser : Error occurred while executing SetUser
Code: Request_BadRequest
Message: Unable to update the specified properties for on-premises mastered Directory
Sync objects or objects currently undergoing migration.
We're in a hybrid environment with a one-way sync, and the "mobile" attribute is not a synced attribute for us. We set it for a few test users in AD, but it never made it to Azure. So we were doing it this way until this showed up all of a sudden. We haven't made any changes to our sync settings.
Microsoft documentation on doing exactly what I'm doing doesn't show me doing anything wrong.
https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-sspr-authenticationdata

Figured it out.
Not sure why, since Set-AzureADuser worked before, but Set-MsolUser worked, and was able to update the mobile phone number. When I ran Get-AzureADuser, the number changed by Set-MsolUser was present.

Based on the description and error message, you were using Powershell to update members which were synced from on-premises. This is expected, it is not able to update these objects which synced from on-premises to Azure AD.
To update these type of users, we need to operate it in the on-premises environment and then sync it to Azure. Try changing it on On-prem server and then sync it to Azure AD.
Reference issues:
Getting "Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration" error message when updating a room mailbox contact informations on Exchange
Unable to update the specified properties for on-premises mastered Directory Sync objects or objects currently undergoing migration

Related

Azure LinkedAuthorizationFailed on Active Directory Account / Key Vault Authentication when running DevOps Server Deployment Template

I am trying to deploy an on-prem instance of Azure DevOps Server to a VM in an Azure Government subscription (which by nature, seems it does not support standard DevOps).
This template is referenced within support material directly from Microsoft:
https://github.com/usri/deploy_DevOps_Server_AzureSQL
All the referenced resources were created from scratch for the purpose of getting this server running.
This requires an AAD account with the associated password stored in a Key Vault. However, every attempt I make to run the template returns the following error on the 'Write VirtualMachines' step (when all other components pass):
The client has permission to perform action 'Microsoft.Compute/images/read' on scope '(MY_SUBSCRIPTION)\(MY_RESOURCEGROUP)\(VM)', however the current tenant '(MY_KEYVAULT)' is not authorized to access linked subscription '(ID in the template with the deployment files)'
This seems to me like the password cannot be retrieved from Key Vault- is it a formatting issue with the Secret? An access control issue somewhere? I've tried many various combinations of both. Hopefully this is just a trivial issue..
I am the original author of the code in that repo. I went ahead and merged a pull request into that repo which should address your issue. I did the following:
Updated the ReadMe file to include information on creating the image
Updated the azuredeploy.json with parameters for Key Vault & image references
Updated the ps1 file to eliminate hard links for KV (a particularly bad oversight on my part, my apologies).
Updated and tested everything for the latest version of Azure DevOps Server 2020
This should fix your issue and several other related ones. I retested the entire deployment from scratch and it worked as designed. A couple of other quick notes:
The USRI and all of it's repositories including the one being utilized here are not Microsoft official repositories. They represent an open-source Azure community dedicated to regulated entity customers. The members which contribute there are mostly Microsoft employees and the repos themselves just represent interesting and sometime niche templates that might be of interest.
This particular repo shows a manner in which Azure templates could be used to deploy services when no internet connection is available or permitted. I just used Azure DevOps Server because it was interesting and regulated industry customers use it.
All the best

Azure Devops release pipeline unauthorized for some projects

I am trying to release multiple projects in 1 solution using Azure Release pipeline
They are all connected to the same Azure Subscription, but some do deploy to the given app service while others give an unauthorized error.
Ive looked into it and i read that adding website_webdeploy_use_scm to the app service should help the Unauthorized error, but this didnt help for me.
What else could i look at? I connect through Azure Devops so i just selected the subscription from the list it automatically gathers from Azure because im logged in using the same logins as i use for Azure Portal
the full error is:
Connected to the remote computer ("xxxx.azurewebsites.windows.net") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.
Error: The remote server returned an error: (401) Unauthorized.
according to the error I'd suggest you check service principal permissions. it probably lacks the permissions required to manage those webapps.
So after refresh publishing profile in Azure Portal and trying it again it fixed itself so im not sure if that caused it or not but it worked!
another fix is to delete the slot and make it again

No applications found - Azure Blockchain workbench

Yesterday I created a new blockchain workbench guided by the docs on: https://learn.microsoft.com/en-us/azure/blockchain/workbench/deploy
The main issue is when am going to the web app, since I can't see anything, it only shows: No applications found, Contact the Workbench administrator to get access to an application.
Funny thing is that I added a user to work along with me (both propietaries and admins). He can acces to the resource and create apps. Also he can see me as a member (i only see me). Another thing to add is that he created a contract, which appears to me in the workbench and lets me to take actions on any instance of the contract (permitted by the role ive been given).
How did i lose (if) my privileges/permissions if i created the workbench?
I am sure you must have checked the access level for your own id and anyone else did not delete your access or downgrade it by mistake.
The only other way is to raise a ticket to Azure tech or recreate the scenario and track it where and at what step it is failing.

Unable to save Policy in Azure APIM

I have been able to work in Azure APIM with no problems until yesterday. Another member on my team can edit and save with no problems; but my save to an Inbound Processing rule always fails with:
Could not save policy for "Access API 1.2" API. Please try again
later.
Thoughts?
Of Note:
Our companies security access team verifies that I am a contributor to APIM
I login in through the companies' two factor authentication system into Azure.
Same results on Edge/Chrome.
I can update individual endpoint api policies.
Our company opened a Microsoft Support ticket on this and their response was
You are running into a known issue with APIM integration with ARM. The
dev team is working on a fix for this issue now and we are told it
will get deployed by this evening.
The following day it was working for me
The APIM dev team fixed the issue late yesterday and you should now
see the ability to update policies for the API scope too.
Note to anyone running into this situation in the future the secondary advice given revolved around the browser which was
Make sure you’ll not pulling down cached files. Try loading an
in-private session or press CTRL+F5 to refresh the page and pull down
new files.

Azure Data Factory On-Premises Copy Error

I am trying to schedule an on-premises copy job that contains a SQL Server.
However I am getting a different kind of error when trying to enter the sql server credentials.
Type=Microsoft.Data.Mashup.InternalMashupException.Message..sorry,en
error occurred during
evaluation.,Source=Microsoft.Data.Mashup"Type=Microsoft.Mas..data
protection operation was unsuccessful. This may have been caused by
not having the user profile loaded for the current thread's user
context which may be the case when the thread is
impersonanting.Sources, "Type=Microsoft.Mashup.Evaluation.Inter...
I have provisioned the gateway onto the server where the sql server is hosted but getting this error.
Also I am using the Copy Preview feature to get this working.
I may be wrong here, but it looks like an authentication issue. Have you tried connecting to the server from the gateway? Open the Microsoft Integration Runtime Configuration Manager, go to Diagnostics and fill every field, then click test. If everything is correct, a green check should appear. You are trying to impersonate a user, so choose Windows instead of Basic.
Try with it until you get the green check, then make sure that the linked service you are using has the same info you used and it should work.
You can also try creating a database user and give it permissions to make the query you want, then changing the linked service to use the database user instead of the windows user.

Resources