I'm following the article Connect VSTS account to Azure Active Directory, but I'm not able to make it running.
My current status is:
VSTS
account: test
owner: lukas#test.com (MS Account)
Azure
owner: lukas#test.com (Office 365 account)
Azure Active Directory: Office 365
Subscription: Pay-as-you-go
When I sign in to portal.azure.com by using Office 365 account, and navigate to Team services accounts, there is just message Nothing to display.
But if I sign in to portal.azure.com by using MS account, and navigate to Team services accounts, I see my VSTS account test. Then I'm able to link it to existing subscription and connect to to AAD, but it's not Office 365 AAD
Can anybody tell me what to do (step by step) and which account (Office 365 / MS) should I use?
It cannot be done through the Azure portal. If you have the same problem, just contact MS Support and they will help you to fix it.
Related
I'm trying to follow this tutorial on developing with Microsofts Graph Data Connect. The tutorial states:
The Azure subscription must be in the same tenant as the Microsoft 365 tenant. Microsoft Graph Data Connect will only export data to an Azure subscription in the same tenant, not across tenants.
Your Microsoft 365 and Azure tenants must be in the same Azure Active Directory (Azure AD) tenancy.
I already have an Azure account with an Azure for Students subscription. I signed up to the Microsoft 365 Developer Program and created a new sandbox. This creates a totally new tenant with a corresponding admin#[MYTENANT].onmicrosoft.com account.
The 365 sandbox has an Azure Directory, but no subscription or ability to create new services. The admin account cannot be used to sign up for a new free subscription, attempting to create an Azure free account results in a "Your current account type is not supported" message.
Is there a way to link these two accounts together so I can create an app in Azure that uses Graph Data Connect to access the dummy data in the 365 Sandbox?
You might be able to change your azure subscription to a new directory. (It might be blocked by policy however)
You'll need a user who exists in both directories, and who is an owner on the subscription. In the portal, click the "Change Directory" button on the ribbon and follow the prompts. Note, the directory change will delete all RBAC role assignments and possible some other configurations, but if this is a learning subscription there's probably not a lot that can't be recreated.
https://learn.microsoft.com/en-us/azure/devtest/offer/how-to-change-directory-tenants-visual-studio-azure
I have an Azure Organization and Devops Project assigned to my user with all the permissions setup to same as the Organiazation Owner (same email AD domain).
When I launch Azure Devops App within MS Teams, I click to Set up and it says "Sorry, you have no associated Azure DevOps organizations". The Organization Owner has no problem and can see the Option. I have rebooted, re-logged-in etc etc, checked every conceivable permission in MS Teams, OFfice 365 Admin, dev.azure.com Organization level... it still does not show the Organization in Teams.
Yet I can see the Devops Board which the Azure Devops Organization owner setup on Teams as a Tab.
Is there something I'm missing? Any help would be much appreciated.
Thank you
Thank you again for the feedback. The problem was that I had created another Azure account with my email address. I deleted the Organization but the Azure Devops add-in for MS Teams still picked the deleted Organisation as my primary Azure account despite me being assigned as an Admin to another Azure Devops Organisation and Project. It took about a week for my legacy credentials to expire and eventually I could connect to the new Azure Devops organisation.
I also received some excellent links to manage and support MS Teams integration with Devops so am posting it here in case anyone else finds it useful...
The MS teams extension for Azure DevOps has been deprecated and we suggest you to use the MS Teams apps for Azure DevOps.
https://learn.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams?view=azure-devops
https://learn.microsoft.com/en-us/azure/devops/boards/integrations/boards-teams?view=azure-devops
https://learn.microsoft.com/en-us/azure/devops/repos/integrations/repos-teams?view=azure-devops
You could refer the below document which mentions the multi tenant feature of the MS teams app for Azure DevOps. This could help you to connect to all the organizations from different client AADs.
https://learn.microsoft.com/en-us/azure/devops/pipelines/integrations/microsoft-teams?view=azure-devops#multi-tenant-support
Users need to be granted with at least stakeholders access at the DevOps organization level ( not just the project ). Tell the owner to add them in there.
Check this out for further references: https://learn.microsoft.com/en-us/azure/devops/organizations/security/access-levels?view=azure-devops#stakeholder-access
You can check the prerequisites in this link and check whether your account and organization meet the prerequisites:
You should have Office365 account in order to integrate Azure DevOps
Services with Microsoft Teams.
Only Azure DevOps organizations in the same organization (AAD tenant)
can be used to integrate with your Microsoft Teams account.
In addition, here is a case you can refer to.
i changed my office365 account subscription from Godaddy to Office365 from Microsoft Store.
Now i lost my access to my previous devops organization, azure portal, and teams channel.
The step i switch my account is:
Unsubscribe my Office 365 in Godaddy
Remove my DNS record from my domain in Godaddy.
Sign up with same account & domain to Office 365 in Microsoft Store and add required DNS record to my new hosting provider.
Then i can login to my Office 365 account but lost all access i mention above. Additionally my mailbox is now empty too.
How to restore my access? Because now my client also cannot invite me as a project contributor to their Devops organization too which my account has been invited before i migrate my account.
How do you get access to the old apis?
In my azure account I have Office 365 unified API (preview), I wish to use the old APIs because it's in preview, poorly documented and sluggish.
However in my azure account I only have Office 365 unified API (preview), Office 365 Management APIs & Windows Azure Active Directory permissions to choose from.
In order for the Office 365 APIs to appear in "Permissions to other applications" on the Azure AD app configuration / registration portal, the Azure AD directory needs an Office 365 account (tenant) associated with it.
Here's an easy way to get going.
Sign up for the Office 365 Developer Program at http://dev.office.com/devprogram. It is currently offering a free Office 365 Developer tenant.
Associate your existing Azure subscription with the new Office 365 Developer tenant.
Log on to Microsoft Azure Management portal with your Azure credentials, e.g. user#live.com
Select Active Directory node, then select Directory tab and select New (bottom of screen).
On the New menu, select Active Directory > Directory > Custom Create.
In Add directory wizard, select "Use existing directory". Check "I am ready to be signed out" and when prompted log in with your new Office 365 Developer account information.
Select continue, and then Sign out now.
Log on again to the Azure Management Portal with your Azure credentials, e.g. user#live.com, and navigate to the Active Directory node.
You should now see the directory of Office 365 Developer tenant. At this point you'll have the Office 365 APIs when you configure / register a new application in this Azure AD directory.
https://msdn.microsoft.com/office/office365/HowTo/setup-development-environment
In my company, we are using Office365 for our emails.
In addition to this, we are using Windows Azure Active Directory to secure some applications.
Now I've been asked to create some kind of link between our users in Office 365 and Windows Azure Active Directory.
The point would be to have some admin applications deployed and secured with WAAD but for which the users are the ones from Office365.
I've found lots of documentation on the web on how to sync directories but not really anything stating clearly that this is possible.
I'd like to insist on the fact that it is our own application that we'd like to secure like this.
Thanks
(Edit 2018-03-23: This answer was updated to reflect changes in the new Azure portal.)
The underlying directory for Office 365 is Azure Active Directory (Azure AD). This means that if you have an Office 365 account, you already have a directory -or "tenant"- in Azure AD.
In your case, I think what you want to do is move from securing your application with a different Azure AD tenant (under a different domain), to securing your applications with the tenant you got when you started using Office 365. The key here is to be able to get access to your Office 365 tenant from the Azure portal.
All you need to do is sign in to the Azure portal (https://portal.azure.com) with you Office 365 account (which, remember, is an Azure AD account), and head over to the "Azure Active Directory" blade. (Note: You do not need an Azure subscription in order to manage your Azure AD tenant in the Azure portal.)
Now you can go about adding and configuring apps to the Office 365 tenant so that you can use that tenant to secure your apps.
Extra: Since you've already started doing things with another Azure subscription (presumably your Microsoft Account, MSA --formerly LiveID--), you might be interested in transferring that Azure subscription to be owned by an account in your primary Azure AD tenant: https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
If the aim is to make the Office 365 directory available inside the Azure portal, this currently works:
In the Azure portal, under Active Directory, click the New button, then Directory, then Custom Create. In the Directory pull-down, select 'Use existing directory' and follow the instructions to sign out and sign in using your Office 365 admin user. This will make your Office 365 directory available inside your Azure portal (in addition to any other Azure directories you have access to.)
When you setup your Azure Subcription did you use the same account you used when you setup your Office 365 Subscription? If so you should be able to see an existing WAAD instance when you log into Azure that has your #*.onmicrosoft.com domain registered against it. If you don't see that you may be able to add the domain to Azure subscription assuming of you are the domain admin. See here: http://blogs.msdn.com/b/bspann/archive/2013/10/20/adding-existing-o365-directory-to-azure-msdn-subscription.aspx
For the sake of completion, I hope the OP would come back and accept the answer provided by Philippe.
I found this that was quite helpful: http://blogs.technet.com/b/ad/archive/2013/04/29/using-a-existing-windows-azure-ad-tenant-with-windows-azure.aspx