To get all the registered Devices in Eclipse Hono Tenant - eclipse-hono

Is there a way to get a list of all the tenant names/IDs in a Hono server?
Is there a way to get a list of all devices registered in a particular tenant?

Are you referring to the example device registry, that is included in Hono?
The Management API of the device registry does not provide such operations. And FMPOV this would violate the tenant separation.

Related

Predefined users on devices

Hello, in my job we have a lot of branches and users. I want to make some profiles in Intune where each branch has predefined profiles (with programs and policies), and the same for users. They will log in with a domain profile that is defined in Azure AD.
• Yes, you can create predefined device-based profiles in Intune based on branch offices. For that, I would suggest you create user and device groups according to the branch office location and organize the users and devices in them as per their assigned branch office. Once that has been done successfully, I would suggest you create various device configuration profiles according to the branch offices and their required configuration settings, and assign these device configuration profiles to the respective user and device groups in their branch offices.
• These configuration settings will then reflect in those devices which are assigned to these branch locations. Once done, change the primary user of those devices using a PowerShell script or through the Intune management portal, as there is no provision in Intune to predefine the user to be signed in on a device. Thus, you can either configure the last signed-in user to be the primary user of that Intune-managed device through a PowerShell script in a bulk operation, or change it through the Intune management portal.
For more information on the above, please refer to the documentation links below:
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-assign
https://learn.microsoft.com/en-us/mem/intune/remote-actions/find-primary-user
https://learn.microsoft.com/en-us/mem/intune/configuration/device-profile-create

Azure AD Join Default Local Administrator

First of all, I am pretty new to Azure AD, so please excuse me if the question is vague. I was trying to understand, when a Windows 10 device is Azure AD joined, which users will get the default 'Local Administrator' role. Will it be:
Global Admin, Device Administrator and User who join device (as mentioned here)
or
Global Admin and User who adds the device (as mentioned here)
The two documents are talking about two different things. Excuse me again if this is very straightforward to answer.
The first article is applicable only to Azure AD joined devices.
The second article is for all joined devices, such as Hybrid Azure AD joined devices, Azure AD joined devices and Azure AD registered devices.
No, all users will not get the default 'Local Administrator' role. Azure AD adds only security principals to the local administrators group on the device, as per the first article.

Give access to IOT hub to an external developer in Azure

I need to give access to Azure IoT hub to an external company. How do I do that?
I can't figure out how to add them in Azure Active Directory while also restricting their access to only the IoT Hub.
If your intention is to grant others access to the Azure IoT Hub and send messages, a simple IoT Hub device client shall be good enough.
I don't see the point of creating some user account in Azure AD.
You can create a new device client either in the Azure Portal or with Device Explorer; either way, you need to share the "connection string" of the device with the external developers, by which they can connect to Azure IoT Hub to send/receive messages using azure-iot-sdk.
By the way, azure-iot-sdk has multiple platform (Windows/Linux/mbed, etc.) and multiple language (C#, Java, C/C++, Python, etc.) support. So even a hardware developer can set things up pretty quickly.
That's how I share my Azure IoT Hub with others and hope it's helpful to you.
You can add an external user (a user from another Azure AD tenant) to your directory following the instructions documented here: https://azure.microsoft.com/en-us/documentation/articles/active-directory-create-users-external/#add-external-users
Once you've added the external user to the directory, you can choose to grant them access to resources in your Azure subscription (they'll only have access to what you choose to grant them access to) just like you would any other resource.
In the following image, Peter Smith, from Fabrikam, Inc. (peter.smith#fabrikam.com) has been invited as an external user into Contoso Corp's tenant (contoso.com), and can be assigned the "Contributor" role for an IoT Hub:
The user, then, simply needs to sign in to the Azure portal (https://portal.azure.com), and switch to your company's Azure AD tenant. In the following image, Peter Smith, who is homed in the fabrikam.com tenant, can switch contexts to the Contoso Corp tenant because he is an external user there:
Once the user has switched tenants, he'll be able to see any resources he's been granted access to in that tenant.

Using Azure Active Directory to authenticate specific user access to generic devices

We would like to distribute generic devices that automatically connect to the Azure IoT platform - this we can do.
However, we are looking for a way to allow the owners of these devices to send commands to them securely. To do this, the devices would need to be registered to their owner, so that only they can access them.
We can use the Azure Active Directory platform to create user names for the owners. How could we then link the devices from the IoT platform to the respective user name of the owner? Is this possible?
Each device is preconfigured, so we were thinking of programming each device with a unique identifier that could be used by the customer to find their device and "claim" it from the IoT hub on the cloud, but we would love to hear any other thoughts and suggestions.

Azure servicebus topics subscriptions security using ACS

What permissions do I need to set for the following scenario?
I want to use Azure Service Bus in order to be able to connect a Windows service agent running on premise and a worker role running in Azure. The agent itself is software that will run on different customers' premises and communicate with my worker role via Service Bus. The worker role, once per day, will send a message to specific (maybe all, maybe only a few) customer agents on premise, asking for some data. The agent will return the data to the worker role via Service Bus. In order to send a custom message to a specific customer agent I will use topics and subscriptions, where every customer agent will listen to its specific subscription.
Now, in order to build that agent and access Service Bus, I have to make use of the namespace, issuer name and issuer key, which by default is "owner". Well, owner has full control everywhere on that Service Bus, therefore I don't want to give the owner credentials and secret key to each customer agent service. That means I have to build a custom identity for each customer, or a common one for all.
My questions: what do you recommend?
One common service identity for all agents, or generate one identity for each agent service?
What is the minimum access I should give to them? I guess Listen and Send, right?
We use the Service Bus Relay to expose internal services to third parties. We secure the services using SAS and create a new Shared Access Policy with the appropriate permissions (typically Send, Listen) for each client. On the "Configure" tab in the portal, add a "new policy name" then "save". You can then retrieve the Shared Access Key in the bottom section of the portal.
We found this method easier than generating IDs under ACS.
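The device-client answer above (a device authenticates with the key from its IoT Hub connection string) and this Service Bus answer (one Shared Access Policy with Send/Listen per client) both rest on the same SAS token construction. The following is an added example, not code from any of the posts or from the Azure SDKs: it builds Service Bus and IoT Hub SAS tokens and a simplified model of the broker-side check, to show why a per-customer Listen-only policy is safer than handing out the owner key: a token minted with customer A's key cannot be verified for customer B's subscription, cannot be used to Send, and fails once expired or tampered with. The namespace, hub hostname, policy names and keys are all constructed.

```python
"""SAS tokens for Azure Service Bus entities and IoT Hub devices (added example;
namespace, policy names and keys are constructed). Layout follows the documented
scheme: sr=<url-encoded URI>, se=<unix expiry>, sig=<base64 HMAC-SHA256>, skn=<policy>."""
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote_plus

SAS_PREFIX = "SharedAccessSignature "


def _sign(key: bytes, encoded_uri: str, expiry: int) -> str:
    """Base64 HMAC-SHA256 over "<encoded uri>\\n<expiry>"."""
    string_to_sign = f"{encoded_uri}\n{expiry}".encode("utf-8")
    return base64.b64encode(hmac.new(key, string_to_sign, hashlib.sha256).digest()).decode("ascii")


def service_bus_sas_token(resource_uri, policy_name, policy_key, ttl_seconds=3600, now=None):
    """Token bound to one entity and one Shared Access Policy (key used as UTF-8 bytes).
    A customer agent can hold a Listen-only policy on its own subscription instead of
    the namespace-wide owner secret."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    encoded_uri = quote_plus(resource_uri)
    sig = quote_plus(_sign(policy_key.encode("utf-8"), encoded_uri, expiry))
    return f"{SAS_PREFIX}sr={encoded_uri}&sig={sig}&se={expiry}&skn={policy_name}"


def iot_hub_device_sas_token(hostname, device_id, device_key_b64, ttl_seconds=3600, now=None):
    """Token a device derives from the key in its IoT Hub connection string. Same scheme,
    but the base64 key is decoded first and there is no skn: the device id is in sr."""
    now = int(time.time()) if now is None else now
    expiry = now + ttl_seconds
    encoded_uri = quote_plus(f"{hostname}/devices/{device_id}")
    sig = quote_plus(_sign(base64.b64decode(device_key_b64), encoded_uri, expiry))
    return f"{SAS_PREFIX}sr={encoded_uri}&sig={sig}&se={expiry}"


def verify_service_bus_token(token, policies, required_right, now=None):
    """Simplified model of the broker-side check. policies maps policy name ->
    {"key", "rights", "scope"}; accept only if the policy grants required_right, its
    scope covers sr, the token is unexpired and the signature matches."""
    now = int(time.time()) if now is None else now
    if not token.startswith(SAS_PREFIX):
        return False
    params = parse_qs(token[len(SAS_PREFIX):])  # parse_qs url-decodes the values
    try:
        resource_uri, sig = params["sr"][0], params["sig"][0]
        expiry, policy = int(params["se"][0]), policies[params["skn"][0]]
    except (KeyError, ValueError):
        return False
    scope = policy["scope"]
    if required_right not in policy["rights"] or expiry <= now:
        return False
    if resource_uri != scope and not resource_uri.startswith(scope + "/"):
        return False
    expected = _sign(policy["key"].encode("utf-8"), quote_plus(resource_uri), expiry)
    return hmac.compare_digest(expected, sig)


DEMO_NOW = 1_700_000_000  # fixed clock so the demo is deterministic
TOPIC = "https://contoso-agents.servicebus.windows.net/commands"  # constructed
# Constructed policies: a Listen-only key per customer subscription, one Send key for the worker.
POLICIES = {
    "customer-a-listen": {"key": "constructed-key-a", "rights": {"Listen"}, "scope": f"{TOPIC}/Subscriptions/customer-a"},
    "customer-b-listen": {"key": "constructed-key-b", "rights": {"Listen"}, "scope": f"{TOPIC}/Subscriptions/customer-b"},
    "worker-send": {"key": "constructed-key-worker", "rights": {"Send"}, "scope": TOPIC},
}


def demo():
    """Run the checks and return their outcomes so they can be asserted."""
    sub_a, key_a = POLICIES["customer-a-listen"]["scope"], POLICIES["customer-a-listen"]["key"]
    agent_a = service_bus_sas_token(sub_a, "customer-a-listen", key_a, now=DEMO_NOW)
    # Minted with agent A's key but naming customer B's subscription.
    cross = service_bus_sas_token(POLICIES["customer-b-listen"]["scope"], "customer-a-listen", key_a, now=DEMO_NOW)
    worker = service_bus_sas_token(TOPIC, "worker-send", POLICIES["worker-send"]["key"], now=DEMO_NOW)
    device_key = base64.b64encode(b"constructed-device-key").decode("ascii")
    device = iot_hub_device_sas_token("contoso-hub.azure-devices.net", "device-001", device_key, now=DEMO_NOW)
    return {
        "agent_listen_own_subscription": verify_service_bus_token(agent_a, POLICIES, "Listen", now=DEMO_NOW),
        "agent_send_denied": verify_service_bus_token(agent_a, POLICIES, "Send", now=DEMO_NOW),
        "agent_other_subscription_denied": verify_service_bus_token(cross, POLICIES, "Listen", now=DEMO_NOW),
        "agent_expired_denied": verify_service_bus_token(agent_a, POLICIES, "Listen", now=DEMO_NOW + 7200),
        "tampered_expiry_denied": verify_service_bus_token(agent_a.replace("&se=", "&se=1"), POLICIES, "Listen", now=DEMO_NOW),
        "worker_send_topic": verify_service_bus_token(worker, POLICIES, "Send", now=DEMO_NOW),
        "device_token_has_no_skn": "skn=" not in device,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The scope check is a deliberately simplified stand-in for the real broker logic; what it illustrates is that the key, the policy's rights and the resource URI are all bound into the signature, so a per-agent policy limits the blast radius of a leaked key to that one subscription, whereas the owner key from the question would authorize every operation in the namespace. Keep token lifetimes short and issue policies per customer rather than one shared identity.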
