Unable to add key - azure

I'm pretty new the LUIS. I have made an app in LUIS but now I'm unable to add key in luis.
I double checked that I'm signed-in with the same account on both azure and luis and also using the same region i.e. westeurope
screenshot:

Please select the tenant so that you can see the available keys associated with it. In the screenshot you shared, there is no tenant selected and asks to select a tenant. Selecting the tenant will resolve the issue.

Related

Cannot Add Account Owner to Azure EA Enrollment

I need some help with this and I couldn't find any solution on the internet.
I need to change the ownership for an Azure Gov Subscription under an Enterprise Agreement Enrollment so first I need to create the new Account following the related Microsoft Documentation
The current "Account Owner" is the Initial Account gov.admin#govtenant.onmicrosoft.com
It's a work account in our "Azure AD Free" tenant and I have full control over it
It's also a Global Administrator in that tenant
The new account to add (gov.user#govtenant.onmicrosoft.com) is also a "Global Administrator" and exists in the same tenant
When I try to add it, the portal returns this error:
The login information provided is not a valid user.
If you believe you have received this message in error, please contact customer support.
But when I try to add an account from the tenant that we have in Azure Commercial (with "Azure AD for Office 365") ...
... the error seems to be correct.
The enrollment is in a cloud that is different from that of the user.
So far, I know that the "gov.admin#govtenant.onmicrosoft.com" account was signied up to the EA portal using an email from the Comercial Tenant (comtenant)
Also "govtenant" is a custom domain for the Comercial Tenant
So, what am I doing wrong?
Any help will be appreciated!

AD additional attribute synced to AAD extension attribute not showing up on AAD user object

Can someone please help me with the following, thanks in advance
I setup AD Connect in a LAB and my LAB Active Directory users are syncing OK to my LAB Azure AD
I then went through the Azure AD Connect setup wizard a second time to sync 'custom sync options' and chose 'Directory Extension Attribute Sync' and chose to sync two additional attributes (for testing), I chose the Active Directory attributes 'adminCount' and 'carLicense' I have a domain admin user called Craig who has his adminCount attribute set to 1 and I added a value for carLicense
When I check Get-ADSyncGlobalSettings
I can see under Microsoft.OptionalFeature.DirectoryExtensionAttributes the carLicense and adminCount listed (among other attributes) therefore looks like AD Connect should sync these two attributes from AD to Azure AD right?
However even after restarting AD Connect and doing a delta sync too I still do not see these attributes on my Azure AD User when I do Get-AzureADUser -SearchString Graig | select -ExpandProperty extensionproperty
There is no sign of the adminCount or carLicense attributes or their values in the output
Please advise, where I am going wrong?
Do I need an Azure AD P2 license or something to sync additional built in active directory attributes?
I also set up a separate custom rule to sync an AD attribute to extension13 of the AAD user class.
The above appears in the Metaverse under AD Connect OK (with the correct values populated)
However, there are not appears in the AAD User object, as above any idea please
Thanks in advance
CXMelga
I also set up a separate custom rule to sync an AD attribute to extension13 of the AAD user class.
If you sync the extension attribute to the extensionAttribute13, you are unable to get that via Azure AD powershell Get-AzureADUser.
The extensionAttribute13 belongs to onPremisesExtensionAttributes which is a property just for the User object in Microsoft Graph, but the AzureAD powershell calls Azure AD Graph API, the onPremisesExtensionAttributes property is not a property of the User in AAD Graph.
So if you want to get the attribute, here are two solutions for you to refer.
1.Use the Microsoft Graph - Get a user to do that, use the query as below in the Microsoft Graph Explorer. Or if you want to use powershell to do that, your option is to call the MS Graph in powershell with Invoke-RestMethod, a sample here.
GET https://graph.microsoft.com/v1.0/users/<object-id of the user>?$select=onPremisesExtensionAttributes
2.When you use the Azure AD Connect to sync, edit outbound synchronization rule like below. In your case, it should be like extension_3e2cd06ca3494546888b069a891b4bb6_adminCount. See this link for more details.
Then you will be able to get the extension attribute with the command as below(I recommend you not to use -SearchString parameter, sometimes it returns nothing.)
Get-AzureADUserExtension -ObjectId <object-id of the user>
Or
Get-AzureADUser -ObjectId <object-id of the user> | select -ExpandProperty extensionproperty

Not able to configure endpoint keys in LUIS

How to publish in the new UI of Luis? The tenant id is not getting listed in my account. I have generated keys in the azure portal but not able to configure it in LUIS. Earlier we had a keys tab and we could add the key there. It seems they have changed it now. Any help on this?
I see what you mean: there was previously a My Keys tab in LUIS.ai website.
This tab seems to have been removed, but you can still change your key inside your project, using Publish App: there is an item called Assigned endpoint key.
Based on the image you put in your question, I suppose you have found it. On my side it is successfully listing my Tenant IDs, then my subscriptions and keys so I am able to managed them.
If you are talking about creating a new key, it must be done from the Azure portal.

Where can I get the LUIS subscription key?

I'm trying to create a simple chat bot on Microsoft Bot Framework and I want to add LUIS app ID and LUIS subscription key to my application.
Where can I get the subscription key?
I believe lately Microsoft has changed the structure of the portal so most of the links are not working.
Where can I get the subscription key?
You can get the subscription key by going to
The "Publish App" link on the left,
Select staging from the "end point slot" under Publish Settings. (Don't know why doesn't it show while the option is Production. Maybe there are other ways to connect in the production environment)
Selecting the "staging" option will show an endpoint url which will have "subscription-key" field, which you can copy
I want to add LUIS app ID
To get your luis app ID
Go to "My Apps" in "https://www.luis.ai/applications"
Click your app
Click settings from the options on the left
Copy the 36 character "Application Id"
The followings are steps that worked for me:
Login into https://portal.azure.com
Search luis
Create 1 Language understanding in Cognitive Service section
Go to "My Apps" in https://www.luis.ai/applications
Select your app
Click on Change link nearing Assigned endpoint key
Select available items in 3 comboboxes
Here is the result that you could get subscription key
Hope this help.
Subscription key: In azure create a new cognitive service -> Luis. In the new luis service, on the left you can find an option labeled keys. Use Key1 for everything.
API key: go to your luis.ai account, and select the key's tab. You need to link your luis subscription key here to link luis to your azure sub.
You can navigate at this page https://www.luis.ai/keys where you will see "Programmatic API Key" it's your subscription key also known as "Ocp-Apim-Subscription-Key".
I found this article on msdn that really explains the keys well https://blogs.msdn.microsoft.com/kwill/2017/05/17/http-401-access-denied-when-calling-azure-cognitive-services-apis/
you can find your subscription keys the azure portal
Location of Subscription Key for Luis Services
the application id can be found on the settings page of your app on the luis dashboard (start at www.luis.ai)
... all the details for this are in the article linked, but what I found was that:
Use the key as in the screenshot above
The region your azure resource for luis is in, should match the region that your luis application is in.
The resource is managed through the azure portal, the luis app is managed through the www.luis.ai homepage
As the article says, it can be quite confusing about what keys to use where, (especially when you first create the luis app you get a 'starter key' ... sorry for the waffle,
The Subscription Key is the same as the Authoring Key (refer to this documentation). You can get the Authoring Key for your LUIS app by taking the following steps:
Log on to luis.ai
Navigate to the MANAGE menu
Navigate to the Keys and Endpoints tab on the sidebar

Why as a co-administrator of a subscription am I unable to edit the Active Directory?

A customer made me a co-administrator of his Azure subscription. However, I am unable to edit his Active Directory, ie add/edit users, create applications, etc.
Why can't I access that? I'm thinking perhaps the Subscription is owned by the AD and not the other way around.
What do each of the role levels in AD allow? There's
Global Admin
Billing Admin
Service Admin
User Admin
Password Admin
I believe the primary reason for this error is because when a co-admin with Microsoft account is added to a subscription, it gets added into the subscription AD as Guest user type. In order for you to get access to that AD so that you can perform the operations on the AD, you user type needs to be changed to Member from Guest. I had exact same issue with one of the users of our product and the steps described below solved the problem.
To change the user type, one would need to use AD PowerShell Cmdlets. The process is rather convoluted and needs to be done by your customer.
First, check with your customer if they themselves are using Microsoft Account for signing in into the portal. If they are, then they would need to create a user in their Azure AD. Please see this thread for why this is needed: PowerShell - Connecting to Azure Active Directory using Microsoft Account.
Next, they would need to sign in using this user account because one would need to change user password on the 1st login.
Install AD Modules. You may find these links useful for that purpose: https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx#bkmk_installmodule, http://www.microsoft.com/en-us/download/details.aspx?id=41950 (Please choose 64 bit version) and http://go.microsoft.com/fwlink/p/?linkid=236297.
Launch PowerShell and execute the following commands:
.
$cred = Get-Credential #In the window that shows up, please specify the local AD user credentials.
connect-msolservice -Credential $cred
(Get-MsolUser -SearchString "your microsoft account email address").UserType #This should output "Guest". If it doesn’t, please stop and do not proceed further as there might be some other issue.
(Get-MsolUser -SearchString "your microsoft account email address") | Set-MsolUser -UserType Member
(Get-MsolUser -SearchString "your microsoft account email address").UserType #This should now output "Member"
If somehow the problem still persists, ask your customer to login into the portal, delete your user record from AD users list and add it again. That should also take care of this problem.
The answer was that I needed to be set up as a Global Administrator in the Azure AD domain.
Both answers above seem to be correct in it's own way.
As a starter subscription administrator does not automatically make you an Azure AD administrator. You'd need explicit role grant on the target Azure AD.
Second aspect is the type of the account used. If it's in current Azure AD or Microsoft Live account all is well.
In case that account is part of an external Azure AD, by default user type is "Guest"(can login, but cannot control event if assigned "Global admin"). Therefore PowerShell commands highlighted above should be executed to change user type to "Member".
Some more helpful info can be found here (it is mentioned as a Visual Studio Team Services issue, but actually applies to most Azure related services).

Resources