Control Access to Microsoft Azure Account - azure

Our company has a Microsoft Azure account (Pay-As-You-Go).
We had a programmer that developed our web app. We gave him full access to our Azure account. So, he had access to everything.
We intend to hire another developer to make modifications to the web app, so he'll need access to the App Services and SQL Databases. Our intention is to just allow him access to those features.
We did our research and came across the documentation, Resources, roles, and access control in Application Insights. We followed it step by step, but there's an issue. Doc LINK
We tested the procedure by adding one of our IT staff's Microsoft account (personal Outlook.com account) and assigning him the Contributor role, and sent him an invite. He's not seeing the invite. We did the same for another staff, but it's the same problem.
Can we get some assistance please?

It was not working earlier. I tried with one Gmail ID. Now it is working perfectly fine and I am able to receive the invitation email.
To send an invitation, you need to go to Active Directory. Add the user's email as a guest under the add user option (Add guest user).
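
An added example, not part of the original posts: a least-privilege audit for the situation in the question above, where a developer holds a broad role over the whole subscription instead of access to only App Services and SQL Databases. It assumes role assignments exported as JSON with the field names `az role assignment list` emits; the principals, subscription ID and resource group are constructed sample data.

```python
import json
import re

# Built-in roles that grant management rights over every resource type in scope.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
# Subscription-wide scope: nothing follows the subscription ID.
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$", re.IGNORECASE)

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed ID
RG = SUB + "/resourceGroups/webapp-rg"                        # constructed name

# Constructed sample shaped like `az role assignment list --all -o json`.
SAMPLE = json.dumps([
    {"principalName": "olddev_outlook.com#EXT#@example.onmicrosoft.com",
     "roleDefinitionName": "Contributor", "scope": SUB},
    {"principalName": "newdev_outlook.com#EXT#@example.onmicrosoft.com",
     "roleDefinitionName": "Website Contributor", "scope": RG},
    {"principalName": "newdev_outlook.com#EXT#@example.onmicrosoft.com",
     "roleDefinitionName": "SQL DB Contributor", "scope": RG},
    {"principalName": "itstaff_outlook.com#EXT#@example.onmicrosoft.com",
     "roleDefinitionName": "Contributor", "scope": RG},
])


def audit(assignments_json):
    """Return (principal, role, scope, reasons) for over-broad assignments."""
    findings = []
    for a in json.loads(assignments_json):
        name = a.get("principalName", "")
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        reasons = []
        if role in BROAD_ROLES:
            if scope == "/" or SUBSCRIPTION_SCOPE.match(scope):
                reasons.append("broad role over the whole subscription")
            if "#EXT#" in name.upper():  # marker in guest (invited) user names
                reasons.append("guest account holds a broad role")
        if reasons:
            findings.append((name, role, scope, reasons))
    return findings


if __name__ == "__main__":
    for name, role, scope, reasons in audit(SAMPLE):
        print(f"{name}: {role} at {scope} -> {'; '.join(reasons)}")
```

The two narrowly scoped assignments (Website Contributor and SQL DB Contributor on one resource group) pass the audit; the subscription-wide Contributor and the guest holding Contributor are reported.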

Related

Azure login - new mobile number

I've moved recently from country A to B. Unfortunately I cannot login anymore to my Azure account. I have a personal account not an organizational account.
I've followed all steps here Common problems with two-step verification for a work or school account but still did not succeed. I've logged in to my outlook account and added a new QR code for the authenticator app, but this works only for my outlook account.
I always get the screen which only shows my old mobile number
I cannot open an Azure support ticket as I cannot login anymore.
How can I add my new mobile number so that I can get a code to login to Azure in such a case?
In this case the only way is to contact support via
https://azure.microsoft.com/de-de/overview/contact-azure-sales/#phone-numbers

Do I need to configure azureAD for powerapps?

I am new to powerapps, and I need to create an app with AzureAD authentication. But I am confused by this authentication. Do I understand correctly that I don't have to implement user sign-up and login screens, because every user which will be added to AzureAD would be able to login to microsoft account and will have an access to my powerapp?
So, I don't have to write any code for user signup/login/forgot password?
But on the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?
PowerApps is for building enterprise apps for your organization's staff. This app has to be developed, published and shared to AD users, and users can sign in using Active Directory single sign-on.
You can invite/share with AD individuals, security group or O365 group. But not Distribution groups. You can share the app to all users by sharing with “Everyone”.
Even PowerApps can be shared with external users (guests) but they must be guest users of an Azure Active Directory tenant.
How to share a PowerApp?
Yes, no signup or login other than Microsoft AD login/challenge screen.
Those snippets will be used to get current logged in user details.
Everything #ArunVinoth said and to add a little more info about:
But on the Internet I saw that some people use AzureAD.getUser() and Office365.User. When do I need it?:
These are PowerApps connectors (API wrappers) that allow you to surface AD/O365 data within the app for your users.
Example:
You may have a way for users to lookup contact information for people within the org.
You would add the Office365Users connector to your application
Then execute the .SearchUser method from that connector to display contact info based on user input.
These connectors are not for authenticating to the app, but rather providing lookup capabilities for your users. Or automating these lookups for your app logic.

Confusion between work account & Microsoft account

I am using my work email address to set up multiple Azure IaaS environments. When I log into Azure, I get asked if I want to use the "Work or School Account" or "Personal Account" - both referring to the same email address.
I don't recall setting up anything in terms of personal accounts, or linking my work email as a Microsoft Outlook.com/Hotmail/etc account.
Access to the subscription has been applied to my Personal account, not the work one.
When granting access, there's no way to pick which one you're giving access to.
Couple of questions
I've created some VMs but want them to be linked to my work account. Can I change this?
How do I unlink my work email from Personal. I want to use work just for work, and not have any confusion between the two.
See this screengrab for more information:
There are a few problems with your account, so let's go over them one by one.
First, this means that you now have 2 different accounts: one is your work account and the other is your Microsoft account. You can create both of them with the same email since they are from 2 different tenants.
This is an important concept for you to understand: there is something in Azure that sits above the subscription, and that is the tenant.
Tenant
|- Subscription
   |- Resource Group
      |- Resource
All subscriptions under the same tenant have the same authentication method. This authentication method can be linked to an Azure Active Directory (Office 365 subscriptions are Azure Active Directory). So you can open a request to Microsoft to transfer your subscription to your company tenant. If you do this, all the resources under it will be transferred to your other authentication. You can open this ticket on the portal.
If you don't want your personal account anymore you can close it on https://account.live.com/closeaccount.aspx
Thanks to those who edited the question for me, my line-breaks didn't work by default, I'll ensure that I get it right next time. I was only allowed to post the image as an attachment being a first-time poster, someone fixed that for me.
The answer from Gabriel Monteiro Nepomuceno was correct and touched on the root cause, but there's one element I didn't include in my question.
Regarding the tenant: the tenant is created under the company account of "company.com". I am a sub-contractor and was granted access to my own account at "benscompany.com". Azure support have advised that it's only possible to grant access to a different account via the personal account.

Docusign developer account reverts back to trial account

I initially created a trial account. Discovered that was incorrect then created a developer account. Everything seemed good until I timed out and tried signing back in. The new password used to create the developer account was no longer valid. DocuSign had reverted my account login back to the original trial account. This has happened every time I created a Developer account. I am currently up to my 12th dev account creation. Verifying every time. At least all the fields are prepopulated so I don't have to type everything.
How do I prevent DocuSign account management from reverting my Developer account back to a Trial account? I contacted their support directly but they didn't know and suggested I ask here.
Make sure that you are logging on to demo.docusign.net and that you are going to the following page to set up your dev account. Create Dev Account
When you first login to your account make sure the url is demo.docusign.net. Demo accounts are on a completely separate server system than the production system.
Support should also be able to look up your account information by e-mail to see where your accounts are located and what their status is. If you have an enterprise account, I would make sure to have your enterprise account number when you call in. This will put you with the enterprise support group, which typically handles these issues more frequently.

Software development start-up: Signing into Microsoft services

We are a start-up software company with around 15 developers. We are almost entirely using Microsoft's technology stack.
A problem that we have at this point is the confusion between signing into Microsoft's online services.
Each developer has two accounts: an Office 365 account and a Windows Live account. The Live account is created from the Office 365 account's email address. So, essentially, we have one email address but two accounts (and thus two passwords).
When logging into an online service, we are often greeted with the following:
For many, this becomes a hit and miss with their various passwords until access is granted. From what I understand:
Work or school account: An Office 365 account OR an account set up in Active Directory?
Microsoft account: A Windows Live account?
Next, can Azure Active Directory help us in any way here?
Are we able to somehow unify our accounts so to have a "single sign-in" for Microsoft's online services?
EDIT:
Further comments on Dushyant Gill answer below.
If we don't need to register our Office365 accounts as Live accounts, then how would I typically add a user to the Azure Active Directory?
When creating a new user, I only have three options:
I guess the last option would be the correct approach if we wanted to move away from Live accounts. I want to add a user to my Azure AD from my Office365 AD?
When I try to do this, I get the following error:
Do I have to link the directories somehow?
davenewza, yes you can take action to improve the experience here (it won't be simple, but given the number of users in your company, it shouldn't be that difficult).
First, your company already has an Azure Active Directory - it is the directory behind your Office 365 subscription. Azure AD authenticates your company's users when they sign in to Office 365 services.
Second, you should use your Azure AD accounts (work or school account) to sign up and access other Microsoft services that are meant for businesses: Microsoft Azure, Visual Studio Online, Microsoft Dynamics etc. The disambiguation screen that you see (pasted in your question) only shows up when you're signing in to a service that supports both Azure AD as well as Live accounts. So, move your Azure and other business services subscriptions to use Azure AD accounts and, as a rule of thumb, your company's users will always select the 'work or school account' option (if ever they see that screen).
Finally, let's get rid of that screen altogether: do you really need the Live accounts to run your business? (What Microsoft services are you using that need Live accounts?) If none, great: once you've moved your subscriptions to Azure AD accounts, get rid of the Live accounts. If you indeed need them, change their emails (add an _live suffix to them). As it is you have two passwords; different user names will reduce confusion.
Note that the second step will require you to call Microsoft support (or file online tickets) to move subscriptions for some services - however the risk of downtime is low because you already have Azure AD accounts - you might need to reconfigure permissions once the subscriptions are migrated.
I am with the Azure AD team - get in touch with me if you're stuck - contact me on http://www.dushyantgill.com
Best of luck.
ps: we are working to improve this experience - such that folks like you don't end up in this position in the first place. Stay tuned.
