Move team service account from personal to work subscription - azure

I have an account in VSTS, which have both personal and work account. I have a project named abc.visualstudio.com under my work account. I would like to change this project to my personal account.
Changing ownership to a different person is quite easy in VSTS. Changing a project from one directory to another of the same person is a bit tricky and I am struggling to get this done.

Make sure that "xyz#hotmail.com" is the current owner of the VSTS account and then disconnect the VSTS account from the linked Azure AD; the owner will then switch to the Microsoft Account with "xyz#hotmail.com".
One important thing you need to know is that disconnecting VSTS from AAD will cause the other users who use the work account to be unable to sign in. So you need to make sure that all the other users also switch to a Microsoft account.

Related

Create Azure organization outside of organizational account

I have a couple open source projects hosted on GitHub where I would like to use Azure pipelines for automated testing, building, and deploying. These projects typically involve collaborating with others outside my institution. My Azure account is an Organizational account for the University where I work. If I create an organization on Azure it ends up being "owned" by my University which means that collaborators have to go through some extra hoops to get access to the Azure organization (become a user or project admin). We've also considered having my collaborator create the organization, but their account is also tied to their institution and has even more restrictions.
Apart from making a separate Azure account on a separate email, is there any way that I can make an organization that isn't "owned" by my University?
You could create a new DevOps organization, and disconnect the AAD from Organization Settings -- Azure Active Directory, then you could add the external users in this organization. In this way, external users won't be added to Azure.

How to move an Azure application created under a personal account to a directory?

I have an application in Azure that's listed under 'App registrations' -> 'Applications from personal account' that I would like to move to a directory so other users in the company can manage it.
There's an info message that has this to say about personal account applications:
These applications are associated with the account xxxxxxxxxxxxx but are not contained within any directory. They are shown here so you can manage them, but will not be available to other users or admins in this directory.
Is there any way to move it? I haven't been able to find any info on this, and seeing as it's in use in the wild by thousands of users I would prefer not to create a new one and have them re-authorize.
I have confirmed this with an Azure support engineer. The answer is no. Here is the reply. Hope it helps.
Your applications were created in the converged app portal by your Microsoft account. After lab testing, the app's owner cannot be changed to a work account because the MSA account is not contained within any AAD. The workaround would be to re-create it in the new tenant for your application.

Using existing Office365 Active Directory with existing Azure account

We have an Office365 account that uses Azure Active Directory for our company e-mail accounts. We have a totally separate (different login) Microsoft Azure account that we have been using without touching Azure Active Directory within.
We are looking to implement Azure Active Directory within our apps, and would like to use our existing O365 Active Directory since it already has all the users created. Is there any way for us to somehow link our Azure account to the O365 account so we can use that active directory in our Azure account?
I have found some examples, but they all seem to use the premise that you are logging into both Azure and O365 with the same credentials. That is not how ours is set up, unfortunately.
If you are interested in combining the two (usually keeping O365 identities and making that AAD the default for your Azure subscription), you can contact Microsoft directly and they will be able to manually pair the two. As of 6 months ago (last time I did this) there was no way to do this yourself without assistance from MS.
You can open tickets through the Azure portal or the Office 365 web site.
Found an article that got me pointed in the right direction and I was able to get this done:
How to associate or add an Azure subscription to Azure Active Directory
Ultimately I needed to have one Microsoft account that had sufficient permissions on both Active Directory tenants. It was tricky because both accounts were different Microsoft accounts using the same e-mail address, and neither directory would let me add another account with a duplicate e-mail address. I used a separate Microsoft account and added it as an AD guest on both directories. Once that was done, I was able to log in with the new account with access to both directories and pick which directory I wanted to use within my Azure account.

Accessing Azure with both Microsoft Account and Work Account

This problem may stem from the dependency on MS accounts for MSDN instead of work accounts, but maybe someone has found a solution?
I use the same email address for both my MS and Work Accounts.
Our Company Subscriptions seem to be linked to our MS Accounts, as do our VSTS accounts. I can sign into Azure Portals using both MS and Work Account. I want to be able to deploy to our company subscription from VSTS.
When I sign into Azure, using my work account, I can see our Azure AD. I am a global admin and can make changes, etc. This is not visible when I sign in using the MS account. It tells me I do not have access, which I can understand.
In VSTS, I have linked my MS Account to my work account. But I can't access some of the projects # {whatever}.visualstudio.com VSTS sites with my work account, I must use my MS account.
The main problem is when I try to set up a build and deploy from VSTS into the Company Azure Subscription. To achieve this I need to set up a Service Endpoint to ARM in Azure. So I go ahead and try to do that.
It fails as it says that the account does not have the sufficient privileges needed in Azure Active Directory. Remember, AAD is only accessible when I log into my work account in the Azure portal.
One last point, AAD would see my MS account as a guest account, so I thought 'hey, I will add that account to AAD as a guest and assign privileges necessary to perform the tasks I need'. But because the same email address was used for both my MS account and work account, it tells me when I try to add the guest account, that it already exists.
Is there any way around this problem? How can I associate/move all VSTS subscriptions to my work account?
When the VSTS identity you are using does not have access to the Azure subscription you're trying to deploy to, the best way to do this is to create your service endpoint manually.
The steps are [here][1]. See the Azure Resource Manager service endpoint -> Manual subscription definition section. It has a few more steps, but once you create that, just use that service endpoint in your build or release definitions and you're good to go.
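The manual endpoint definition needs a service principal plus a subscription id, tenant id, application id and key. The following is an added example (not from the answer above and not Microsoft's own tooling) that creates that principal with the Az PowerShell module, scoped to a single resource group rather than the whole subscription; it assumes you have already run Connect-AzAccount with the work account that is allowed to manage the company Azure AD, and the $ResourceGroup and $SpName values are placeholders.

```powershell
# Added example: least-privilege service principal for a manually defined
# Azure Resource Manager service endpoint (Az PowerShell module assumed).
param(
    [string]$ResourceGroup = 'rg-vsts-deploy',   # placeholder, your target resource group
    [string]$SpName        = 'vsts-deploy-sp'    # placeholder display name
)

$ctx   = Get-AzContext
$scope = "/subscriptions/$($ctx.Subscription.Id)/resourceGroups/$ResourceGroup"

# New-AzADServicePrincipal creates the backing app registration and a password credential.
$sp = New-AzADServicePrincipal -DisplayName $SpName

# Directory replication can lag; retry the role assignment a few times before giving up.
$assigned = $false
for ($i = 0; $i -lt 5 -and -not $assigned; $i++) {
    try {
        New-AzRoleAssignment -ApplicationId $sp.AppId -RoleDefinitionName 'Contributor' -Scope $scope | Out-Null
        $assigned = $true
    } catch {
        Start-Sleep -Seconds 10
    }
}
if (-not $assigned) { throw "Role assignment on $scope failed for $($sp.AppId)" }

# The values the 'Manual subscription definition' form asks for. The key is shown once;
# paste it into the service endpoint and do not commit it anywhere.
[pscustomobject]@{
    SubscriptionId      = $ctx.Subscription.Id
    SubscriptionName    = $ctx.Subscription.Name
    TenantId            = $ctx.Tenant.Id
    ServicePrincipalId  = $sp.AppId
    ServicePrincipalKey = $sp.PasswordCredentials.SecretText
}
```

Because the role is assigned only at the resource group scope, a leaked endpoint credential cannot touch other resources in the subscription.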

How to remove Azure Active Directory from Subscription

I can't seem to figure out how I can delete the tenant which I have created from my Azure Subscription. Can anyone help me figure out how to do this? It sounds like it should be easy to do, but maybe I'm missing something.
Currently you cannot remove an AAD tenant from the Azure Portal. You also cannot rename it. The good thing is that you are not being charged for it if you are not using any special features (i.e. even if you use it just for authenticating without Two-Factor Authentication it is still free!). And I don't recall having seen an API via which you would be able to remove an AAD tenant.
UPDATE
As of November 2013 you are able to rename Azure AD, add a new Azure AD, change the default AD for a subscription, and delete an Azure AD (as long as there is no subscription attached, and no user/group/app objects in it).
We were eventually able to delete an Azure Active Directory instance after we deleted all mapped users (except for the administrator who was logged in) and groups.
Make sure you go through the following list of possible causes for not being able to delete your Azure AD:
You are signed in as a user for whom <Your Company Name> is the home directory
Directory contains users besides yourself
Directory has one or more subscriptions to Microsoft Online Services.
Directory has one or more Azure subscriptions.
Directory has one or more applications.
Directory has one or more Multi-Factor Authentication providers.
Directory is a "Partner" directory.
Directory contains one or more applications that were added by a user or administrator.
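Several of the causes in that list can be checked before attempting the deletion. The following is an added example (not from the answer above) that enumerates the ones visible through the Az PowerShell module: attached Azure subscriptions, other users, groups and applications. It assumes Connect-AzAccount -TenantId was run as a user of the directory being deleted; the "Partner" directory and MFA provider conditions are not checkable this way and are left out.

```powershell
# Added example: pre-flight check for the Azure AD deletion blockers listed above
# (Az PowerShell module assumed; run after Connect-AzAccount -TenantId <tenant>).
param([Parameter(Mandatory)][string]$TenantId)

$blockers = @()

# Subscriptions to Azure still attached to the directory.
$subs = Get-AzSubscription -TenantId $TenantId
if ($subs) { $blockers += "Azure subscriptions still attached: $($subs.Name -join ', ')" }

# Users besides the signed-in administrator (the account id is assumed to be its UPN).
$me     = (Get-AzContext).Account.Id
$others = Get-AzADUser | Where-Object { $_.UserPrincipalName -ne $me }
if ($others) { $blockers += "Users besides yourself: $(@($others).Count)" }

# Groups and application registrations in the directory.
$groups = Get-AzADGroup
if ($groups) { $blockers += "Groups: $(@($groups).Count)" }

$apps = Get-AzADApplication
if ($apps) { $blockers += "Applications: $($apps.DisplayName -join ', ')" }

if ($blockers.Count -eq 0) {
    Write-Output "No subscription, user, group or application blockers found in tenant $TenantId."
} else {
    Write-Output "Tenant $TenantId cannot be deleted yet:"
    $blockers | ForEach-Object { Write-Output "  - $_" }
}
```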