When I go into the classic portal, Settings on the left, select my subscription, When I click edit to 'Change the associated directory' I only have 'None' in the drop-down. I think this s breaking my SQL AD Authentication. I have a directory set up with users and groups and I can see it and manipulate it in the new portal. I can't however log in to a SQL instance using AD username/password.
How can I get my directory to show up in the list?
That seems like it would be the issue, if you can't see the directory listed and you see 'None' then you need to verify you are an the account administrator of the subscription and global administrator of the directory otherwise you will not be able to associate it with your subscription.
Related
I accidentally deleted the only azure owner role of my subscription. Any idea how can I get that restore? I can only login now at azure portal and when I click on subscriptions it is keep loading, nothing is coming.
I have resolved this myself. As I am also a global administrator so I created an Azure AD User, assigned the global admin role to it. Login to azure portal with that new account, and re-assigned the Owner role to my original account which I accidentally deleted. Now Its Working fine :)
The same thing happened with me today and even after being "Global Admin" to Azure AD, I was unable to modify the permissions as the "Role Assignment" options were appearing disabled.
These are the steps that I followed:
I logged in to Azure Portal with the MS Live ID(#outlook.com) using which we got the MS Azure subscription registered(Root ID or Account Owner ID).
Then went to the Azure subscription --> IAM --> Add Role Assignment. This option was enabled this time!
To be on safer side now, created a Security Group in Azure AD with 3 Azure Administrators and then made this Group as "Owner" to the Azure Subscription.
I am using Azure DevOps with a Microsoft Account (#outlook.com). The same account is co-administrator of 3 different Azure Subscriptions.
I am trying to create a new Service connection from my Azure DevOps Project to my newest Azure Subscription (out of the 3).
When I:
Go to my project's Project Settings view and click on the Service Connections tab.
Click on the 'New service connection' button.
Choose 'Azure Resource Manager' for the connection type.
Choose 'Service Principal (automatic)' authentication method.
I find that the drop-down list for Subscription is only showing my two older subscriptions and my newer subscription is missing, as shown here:
How can I get my third, newer, subscription to appear in the 'Subscription' list?
I've tried the following without success:
Made my Microsoft Account to be a 'Co-administrator' of the Azure Subscription.
Gave my Microsoft Account the 'Owner' Role for the Azure Subscription.
Added my Microsoft Account to the 'Global Administrators' group in Azure Active Directory.
Set 'Guest users permissions are limited' to 'No' in the In my Active Directory's External collaboration settings.
UPDATE: The subscription that's not shown in the list is currently a "free-tier" subscription whereas the 2 subscriptions that are shown are "pay-to-go". Could this be the reason for my problem?
This is what solved it for me:
Go to your MS Azure account.
Search and go to 'Tenant Properties'.
Click on Manage Security Defaults.
Turn these off
I can finally see my Azure Subscription in the Subscription list. I'm not 100% sure which step I took is responsible for fixing the issue so I'll list 2 things that I did:
In the Azure Portal I created a new App Registration, this time having the "Supported account types" setting set to "Accounts in any organizational directory ... and personal Microsoft account ...":
In PowerShell and using the AzureAD module I reset the Service Principal Key Credential:
a. Ran PowerShell (v5.1) "as Administrator".
b. Install-Module -Name AzureAD
c. Connect-AzureAD -TenantId <tenant-id-from-the-app-registration-overview>
b. New-AzureADServicePrincipalKeyCredential -ObjectId <object-id-from-the-managed-application-overview>
PS - The Subscription's being in the free-tier seems to be irrelevant to the issue.
You can try accessing DevOps in a private mode, it simply gets the existing subscription.
Not an exact answer to the OP's question, but I think it's related and maybe helpful to others. My issues was creating a new subscription and that subscription not showing up on the Subscriptions page.
Click on the "Directories + subscriptions" button in top right.
Open dropdown and ensure desired subscriptions are selected
Navigate to Subscriptions page and click on "Subscriptions == globalfilter" and selected desired subscriptions.
See if you have a "default subscription filter" set on the Portal Settings page. Seems to add one by default.
I solved the problem by deleting an old app registration with an expired certificate. I'm not sure about the link between the two, maybe it forced a refresh somewhere.
I`m a global administrator of my Azure Tenant and gave Global admin rights to others so they can manage the Azure Tenant.
However, they cant view any of the services already provisioned on Azure.
For Example, cannot view:
a) Resource group
b) Enterprise Applications
Please suggest what more shall I do to resolve the issue?
This issue may be caused by that you haven't been assigned a subscription.
Try to find it whether subscriptions in your Azure Account. (Put in "subscription" in search blank in Azure. )
If you don't have any subscription, try to connect the owner and add your account as owner or else role . (Go to subscription > choose one subscription > Access control > Add ) The steps looks like this:
The service admin of Azure account has added me as a co-admin, and also has assigned me the role of Global Admin, but I am unable to see Default Directory in Active Directory section. Do I need to have any other permission apart from the above mentioned ?
By default only global administrator will have access to the default azure active directory in a given subscription. Or You will have to be user administrator in order to create and manage users in the default active directory. But they cannot create a new administrator though.
https://azure.microsoft.com/en-in/documentation/articles/active-directory-assign-admin-roles/
I have a windows account (hotmail.com) that has an associated MSDN Enterprise subscription.
I'm working for a company that has a PAYG subscription and they want to give me access so I can deploy websites, VMs etc.
They made me "co-administrator" but when I login to the portal and switch to that directory I get a "No subscriptions" notification. "You do not have access to any subscriptions in the << redacted >> directory".
In their directory I was a "User" so I thought changing that to "Global Administrator" would help. But I get the same message.
What are we missing?
In the classic portal (https://manage.windowsazure.com), adding you as a co-administrator is enough to give you full access to the subscription.
However, in the new portal (https://portal.azure.com), you should be added as a Co-Owner through the RBAC system.
Someone with an appropriate role should go to Browse > Subscriptions > "subscription_name" > All settings > Users to add you with the Owner role for example.
Does it help?
My issue was a little bit different, I had 2 directories, both associated with the same users that got me into the error of not recognising the subscription for any directory.
I just deleted the directory I created and left the subscription associated to "the default directory" via settings in the old portal and it worked like a charm.
My issue was that I created a new Azure AD, when I was trying to create my first VM there I was getting the message "you don't have any subscriptions on this directory", it was not recognizing my subscription under the new AD.
To fix this, go back to the Default Directory, go to Home > Subscriptions and select your subscription, then click on the "Change Directory" tab and select the option "From Default Directory" to "New Directory"