created a Azure Devops Account + Organization, but when I log into the portal with the same account, it does not see my organization and thus I can't do anything like setting up a Azure AD. Has anyone seen this issue before?
Looks like this person had the same problem but did not get a resolution.
I have not ran into that issue. My understanding of the process is;
If you want to link DevOps to your Azure AD you should log into
DevOps with an existing Azure AD Account.
If you create a new account or sign in with an account not tied
to an Azure AD tenant on DevOps that creates a new Azure AD tenant.
Hope this helps
Related
I have created an Azure DevOps organization. I have created it with my outlook account. I want to connect it to Azure Active Directory (AAD), Default Directory, on my Azure portal. I am using the free account on Azure portal which allows me to have one subscription. The AAD directory is shown below:
I want to connect my Azure DevOps organization to Azure Active Directory. I am using the same user in Azure portal and Azure DevOps. I have basically created both by the same account. I am following the instruction at this link to connect Azure DevOps organization to Azure AD. I emphasize that in my case both are created by the same email. However, in Azure DevOps Organization settings, by clicking on "connect directory" under "Azure Active Directory", I get an error that: "User myuser#outlook.com is a guest in the target AAD tenant Default Directory. The current organization policy does not allow guest users to access the organization. Change the policy setting to allow external guest access and try again."
This is what I see at organization settings in DevOps:
This is the error when I try to connect it to AAD:
When I check my user in Azure Active Directory I can see it has global admin role, and is a member, not guest! It is after all the user by which I have created this account and all the resources: (It is the user on the second row:)
As mentioned earlier, this user has global administrator role:
I also tried changing my policies at AAD side to be able to connect my DevOps project to AAD, but again it fails. This is how the policies are:
I basically don't know what else I should do to connect DevOps to AAD. Any help is appreciated.
When you log in to Azure DevOps, it logs in with Microsoft Directory.
You need to switch the tenant to your default directory
Then you would be able to link your Azure AD tenant to your Azure DevOps Organization
I am an owner of an Azure DevOps Organization - e.g. "lab.visualstudio.com". We are planning to decommission our Azure subscription. I try to find out if the decommission will affect my Azure DevOps Org.
I can see "lab.visualstudio.com" is connecting to my Azure subscription for billing purposes. However, I could not find "lab.visualstudio.com" in my Azure portal.
Is there a way to determine if "lab.visualstudio.com" belongs to one Azure subscription? In other words, how can I know if decommissioning my Azure subscription will also decommission my Azure DevOps Organization?
Thanks in advance!
Notes: I saw someone's Azure portal has their Azure DevOps Organisation on it (screenshot attached). I am wondering why mine does not show in my Azure portal.
Is there a way to determine if "lab.visualstudio.com" belongs to one
Azure subscription?
To find the Azure Subscription associated with your Azure DevOps organization, login into Azure DevOps, go to Organization Settings and then Billing. You will see the Azure Subscription used for billing of Azure DevOps organization.
You can then go to Azure Portal and navigate to the subscription and look under resources. You should see a resource by the name lab (or the name of your Azure DevOps Organization) of type Azure DevOps organization there.
In other words, how can I know if decommissioning my Azure
subscription will also decommission my Azure DevOps Organization?
Azure DevOps uses an Azure Subscription for billing purposes. If you delete the Azure Subscription that is associated with your Azure DevOps organization, your Azure DevOps organization will be immediately moved to "Free Tier". Though I have not tried it but I believe that the resources you have created in your Azure DevOps organization will not be deleted. I'm not sure what would happen if you have provisioned resources more than allowed in free tier.
You can read more about it here: https://learn.microsoft.com/en-us/azure/devops/organizations/billing/billing-faq?view=azure-devops#what-happens-if-i-delete-my-organization-resource--.
I have a work DevOps account in my organisation, but cannot create personal DevOps account. Am I not permitted a second DevOps environment for my personal use?
I am trying to create a second dev.azure.com account using my Microsoft Hotmail account and it keeps reverting to my work DevOps account event though I log in with Pretz.XXX#hotmail.com
I have an AD account Pretz.xyz#fabclothes.com which logs in fine to my Azure DevOps organisation environment
Each time I try creating a personal Azure DevOps account (at work), I keep getting redirected to the work Azure DevOps account.
Getting error You are currently signed into the 'Azure AD B2C tenant' directory which does not have any subscriptions. when I try to create a resource in Azure AD B2C.
Please help I am new to Azure
Switch back to the directory where you have your subscription and create the resources there.
Don't take my answer as definitive, since I'm still a newbie, but at this point my understanding is this: B2C needs a new tenant because of the way it is designed (it isn't just an add-on for AD) and you link it to your subscription for billing purposes. But that's it. You don't need to create the resources for your app there, although I guess you could do it if you get a new subscription or transfer another one.
I already created a mobile app in my default tenant and successfully used the linked B2C tenant for authentication and I guess you've done that already. But since this was one of the few results that I got when I googled the message you quoted, I think it's worth sharing.
Have you done this ?
The Azure subscription has a trust relationship with Azure Active
Directory (Azure AD), which means that the subscription trusts Azure
AD to authenticate users, services, and devices. Multiple
subscriptions can trust the same Azure AD directory, but each
subscription can only trust a single directory.
Following link might help (check To associate an existing subscription to your Azure AD directory)
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
Azure AD B2C needs a Microsoft Azure Subscription for billing purposes. You're going to need 3 things to make that message go away:
Azure AD Tenant
MS Azure Subscription
Associate your Azure AD B2C tenant to the MS Azure Subscription
It's a bit strange as Azure AD B2C tenants feel very similar to Azure AD (and run on a lot of the the same infrastructure behind the scenes) ... but from a billing standpoint, they are almost treated like MS Azure resources (e.g. VM, App Service, etc)
I've created some Microsoft Live accounts for managing my Azure subscriptions (I've got five). I can log in using, for example, joe#mycompany.com and manage my web services using the public portal. I think I've got the hang of Azure Active Directory and the Domain Services that go along with it. So now I'm wondering, can I associate my domain ('mycompany.com') with an Azure Active Directory in my corporate portal, add my user 'joe' to it, and use 'joe#mycompany.com' to sign into the portal? That is, will the Azure Portals use Azure Active Directory for logins?
The Azure Portal allows users to sign in with both Azure AD Accounts AND Microsoft accounts (aka MSAs, LiveIDs, #outlook.com).
If you associate your domain with an Azure AD tenant, you'll be able to log in to the Azure portal with your Azure AD account.
It is important to note that if you have a joe#mycompany.com Microsoft account and a joe#mycompany.com Azure AD account (which you get by adding the mycompany.com domain to an Azure AD tenant and then creating joe#mycompany.com that tenant), you effectively have tow DIFFERENT ACCOUNTS. When you type in joe#mycompany.com, you'll see a prompt like this one:
You'll have to make sure you pick the right one since your existing Azure subscriptions will be associated with your MSA and any new ones you create with your Azure AD account will, by default, not be accessible to your MSA.
Your best bet is to setup an Azure AD tenant, migrate your Azure subscriptions from your MSA to your Azure AD tenant by transfering ownership of the subscription and ensure all new subscriptions are created with Azure AD accounts (and not MSAs). At that point, you can always pick Organizational account and not have to worry about which which Azure subscription is linked to which account.
Other relevant info:
Comprehensive explanation of MSAs, Azure AD and Azure Subscriptions
Creating an Azure subscription using an Azure AD tenant