We have a O365 subscription. We have a Azure subscription.
However, the Azure subscription is originally set up with a personal(!) account with was identical to that persons O365 account.
(personal account somebody#company.nl was created and used to setup Azure while that person also had a O365 account with the name somebody#company.nl)
When I log on to Azure using henrov#company.nl I have to choose 'personal' account to log on to Azure. I do see our subscription. I understand that our Azure subscription has in fact nothing to do with our O365 subscription.
However, if I go to PowerBI in O365 and install a datagateway I need to login with my O365 account henrov#company.nl. When I the choose to install a gateway on Azure I get logged in as henrov#company.nl (School/Work account). To be followed by the message: "you have no subscriptions".
I understand what is happening. Somebody#company.nl messed up while setting up Azure. But what can I do to correct this? Would it be better to setup a complete new Azure subscription using a different adress? Or can I somehow merge the existing Azure subscription with our O365 subscription?
That's because you can actually have a Microsoft account created using your corporate e-mail, but it doesn't mean it is an organisational account like the one you have when you create an Office 365 tenant or any other service which relies on Azure AD platform.
Login to your Azure subscription using the service administrator of that subscription (the personal Microsoft account) and follow this guide to transfer the subscription to another tenant owner, that is, the global administrator of your corporate tenant.
https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
Finally, change the directory associated with that subscription.
https://learn.microsoft.com/en-us/azure/billing/billing-add-office-365-tenant-to-azure-subscription
You can do the latter only if you want.
Related
I'm trying to follow this tutorial on developing with Microsofts Graph Data Connect. The tutorial states:
The Azure subscription must be in the same tenant as the Microsoft 365 tenant. Microsoft Graph Data Connect will only export data to an Azure subscription in the same tenant, not across tenants.
Your Microsoft 365 and Azure tenants must be in the same Azure Active Directory (Azure AD) tenancy.
I already have an Azure account with an Azure for Students subscription. I signed up to the Microsoft 365 Developer Program and created a new sandbox. This creates a totally new tenant with a corresponding admin#[MYTENANT].onmicrosoft.com account.
The 365 sandbox has an Azure Directory, but no subscription or ability to create new services. The admin account cannot be used to sign up for a new free subscription, attempting to create an Azure free account results in a "Your current account type is not supported" message.
Is there a way to link these two accounts together so I can create an app in Azure that uses Graph Data Connect to access the dummy data in the 365 Sandbox?
You might be able to change your azure subscription to a new directory. (It might be blocked by policy however)
You'll need a user who exists in both directories, and who is an owner on the subscription. In the portal, click the "Change Directory" button on the ribbon and follow the prompts. Note, the directory change will delete all RBAC role assignments and possible some other configurations, but if this is a learning subscription there's probably not a lot that can't be recreated.
https://learn.microsoft.com/en-us/azure/devtest/offer/how-to-change-directory-tenants-visual-studio-azure
I was logged in to my AzureDevops account using my hotmail account.I then went to Organization Settings and then connected my Org to Azure AD.
After i logged out and logged in back again with the same account, i don't see anymore my projects which i was working on. I have disconnected my Azure AD and also tried switching directories but i am no longer able to see that particular organization anymore.
Any idea how to fix this or why this happened
Please check below points :
Try logging on to https://.visualstudio.com to see you can see the organization and projects, as stated in this.
Check Troubleshoot connecting to a project
You may not able to signin or access your organization unless your work or school account has the same email address as your Microsoft account.
Although you can add new work accounts to your organization, they're
treated as new users.
If you want to access all your work, including its history, you must
use the same sign-in addresses that you used before your organization
was connected to your Azure AD.
For that Add your Microsoft account as a member to your Azure AD Or
ask the owner of the organization who has proper permissions to map
any disconnected members to their Azure AD identities Or invite them
as guests into the Azure AD.
Invited user should use corresponding account, work/school account
for AAD based, personal account for the other.
So basically the user who makes the connection must confirm the following statements are true.
User exists in Azure AD as a member. If the user is an Azure AD guest, rather than member
User must have project collection administrator or owner of the organization
User must also have Azure Service Administrator or Coadministrator permissions for the Azure subscription that's linked to your organization in Azure DevOps.
User isn't using the Microsoft account identity that matches the Azure AD identity. For example, if the Microsoft account that users are currently using is jamalhartnett#fabrikam.com, the Azure AD identity they'll use after connecting is also jamalhartnett#fabrikam.com. Use a single identity that spans both applications, rather than two separate identities using the same email.
Add your work account as an administrator in your Azure DevOps organization
The AAD tenant should be same as the DevOps tenant to connect & Transfer the ownership of the organization to your work account.
Please see if you have followed the Prerequisites to Connect organization to Azure Active Directory
FAQ: to be refered
why dont i see my organization in the azure portal
why do i have to choose between a work or school account and my personal account
what if we cant use the same sign in addresses
Note: No other user than the owner of the organization will be able to see the organization under the “Azure DevOps organizations”
service in the Azure portal. Also, Azure DevOps does not support
multiple owners, like Azure services that support Role Based Access
Control (RBAC) do. An Azure DevOps organization will only have a
single owner at a time :reference
Please try to access https://aex.dev.azure.com/ and change domain to see if your organization is present in the list.
Or
You may need to open a support case on the Developer Community to help you out or raise a support request through azure portal.
References:
Lost organization after disconnecting it from Azure Active Directory-Stack Overflow
What not to do when Connecting Azure DevOps to
AzureAD |Josh Corrick |
Restore project - Azure DevOps Services | Microsoft Docs
I started learning Microsoft Azure but I'm stuck
Can anyone tell me what is the difference between Microsoft account vs tenant vs Subscription in detail?
When you say "Microsoft account", this usually refers to personal Microsoft accounts (outlook.com/live.com/hotmail.com).
But it could also refer to organizational Azure Active Directory accounts.
They are both kinds of user accounts, both types can exist as members in an Azure Active Directory "tenant".
This tenant is basically an instance of Azure AD for your users, in your control.
When you log in to Azure, you are logging in to Azure AD.
An Azure subscription is where you deploy your services, create resources like databases etc.
A subscription is always linked to an Azure AD tenant.
The users in this linked tenant can be given roles in the subscription to access/modify resources.
If anyone wants access to the subscription, they need to be added to the Azure AD tenant first.
This can be done by creating them an account there, or by inviting them by their email as a "guest".
microsoft account: the one used to log in
tenant: your azure active directory (usually the default is [account].onmicrosoft.com
subscription: your microsoft azure subscription, the one used to create services/ deploy your applications
I have an office 365 Subscription that was created when i created my Dynamics 365 (CRM) trial version.
I also have a MSDN Enterprise Azure Subscription.
I'm trying to associate the office AZURE AD with my MSDN AZURE Subscription.
I'm trying to proceed as described in the below link
https://github.com/uglide/azure-content/blob/master/articles/billing-add-office-365-tenant-to-azure-subscription.md
But the link for the old azure management portal and I'm not able to find a way to add "New Directory" with the option to choose "Existing Directory"
Awaiting your valuable inputs.
Regards,
Clement
You can refer
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
https://learn.microsoft.com/en-us/azure/billing/billing-use-existing-office-365-account-azure-subscription
to know How to Associate or add Azure Subscription to Azure Active Directory. This should do the trick if you do not have any resources in the Azure Subscription that are dependent on the current tenant for the subscription.
So, what happens is that if you have anything on the current tenant for the Azure Subscription, that would be replicated to the tenant for the O365. All of the same would need to be re-created manually.
Only the Subscription Admin of the Azure Subscription would retain the access to the subscription.
If you should have resources and the access levels might be a question for you by the re-association of the Subscription to the O365 tenant, we would suggest you create a Billing & Subscription Ticket so that Microsoft support team could personally assist you in the entire process effectively.
I don't really understand why on this case. My company has an azure subscription for development/testing environment.
At the beginning I am co-admin on this subscription with my Microsoft account. Now I need to manage applications under Azure AD of that subscription. So my Microsoft Account is leveraged to Global Admin of this Azure AD.
But even my MS account is leveraged to Global Admin, I cannot see or have access to Azure AD.
After searching around and based on this article:
https://blogs.msdn.microsoft.com/dstfs/2015/12/23/issues-with-azure-active-directory-guest-users-in-aad-backed-visual-studio-team-services-accounts/
I am GUEST (user type) on Azure AD, so even I am global admin, I still cannot have access to this Azure AD.
From the link, this happens because:
One way you can become an AAD GUEST is when you are made a co-admin on an Azure subscription before being added to the AAD associated with it
It can be fixed by using powershell like #CtrlDo's answer. But you have to create an global admin with work/school account since this approach does not work with Microsoft account:
PowerShell - Connecting to Azure Active Directory using Microsoft Account
We have another approach which can be done in the UI that we think it's simpler:
Remove my account out of co-admins of subscription.
Remove my account out of Azure AD.
Add my account back to Azure AD as Global Admin.
Add my account back to be co-admin on subscription.
That does work perfectly
When you were added to the AAD, your user type might have been set to "guest"
See https://azure.microsoft.com/en-us/documentation/articles/active-directory-create-users/ for more information.
See https://blogs.msdn.microsoft.com/dstfs/2015/12/23/issues-with-azure-active-directory-guest-users-in-aad-backed-visual-studio-team-services-accounts/ for an older post on how to view the issue in powershell and fix it.