I have a question regarding Visual Studio Team services / Azure Web App deploy
in order to get my app be published using the Azure Web app deployment in release process, I had to grant access as co-administrator on my azure subscription using the old management manage.windowsazure.com
Is there any way to do the same thing using the new portal.azure.com ?
As we work as a big team, I would like to be very restrictive on users right and I do not want everybody to be co-admin. Is there any other way to grant publishing privileges on specific account (we use an Azure AD connected to VSTS) without giving Azure co admin privileges ?
#Thierry,
new new portal "https://portal.azure.com", you can config access with role base access management.where you can more granular permission (read/contributor/owner) to a user for a specific resources (service/resource group/subscriptions etc ...)
See more details from this articile https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-configure/
hope this will help!
Related
From what I read, AppRoleAssignment.ReadWrite.All should allow application to use Microsoft Graph SDK to do app role management programmatically. But how do I grant permission such that the application principal can only allow to manage it's own role but not other enterprise application?
The goal is to build a role management page in the web application to allow designated users to add/remove user to an app role for the same application without granting them access to the Azure portal.
Unfortunately, it's impossible currently.
Although we can add the user as the admin of the application principal on Azure portal and then we can do anything to the application principal on Azure portal, calling Microsoft Graph is different. It has to rely on the permission of Azure AD app.
But the Microsoft Graph permission AppRoleAssignment.ReadWrite.All is for all the application principals.
If you click on "F12" to open the developer tool of Chrome, you will find that the Azure Portal is using another API to finish the operation.
I tried to add my user as the admin of only one application principal through Powershell, but it still doesn't work for Microsoft Graph.
You can go to Microsoft Graph user voice to make a request to get the attention of the product group.
Im trying to start working with the v2.0 endpoint, I registered my web app in the new Application registration portal, but I cannot find it anywhere in my Azure AD. Should I not be able to see it there?
I tried creating an app both with my work azure account, and with an account I created specifically in the tenant. Neither works. Am I missing something?a
You could find it Azure Active Directory-->Enterprise applications-->All applications.
But you only could see Azure AD only applications. Currently, Converged applications could not see on Azure Portal, please refer to this feedback.
Update from comment:
The blade enterprise applications represents service principals in the AAD tenant, not applications. Once you sign into the app & consent or manually provision a service principal, you'll see it in this list.
I tried to grant delegated permissions to webApi using azure.portal.com.
Two web App/API application was register on azure AD. When i try to use 'Settings->RequiredPermissions->Add->Select an API' i not see my created application in list.
Same problem for old azure portal described on Granting native application access to web application
But new portal not fixed with previous solution.
Could anyone help, please ?
The Azure AD app registration blades in portal.azure.com are currently not creating a servicePrincipal in the tenant when you register your application. This means that the API you create will not show up in the list of apps to select from. More detail in this blog post
I am having an issue while deploying an Azure web role to a cloud service. It shows me the error
Cloud services are not available in this subscription.
I am using a pay as you go subscription on Azure. I don't know if there is any limitation with this subscription for cloud service deployment or not.
.
Updated version of JerryGoyal's solution.
Cloud Service Management will have to be done using the new Azure Portal, because Cloud Service Management in the old portal will be disabled as of 11/15/2017.
Log into the new Azure Portal.
Go to the Subscriptions View.
Set your account as a Co-Admin. Microsoft Documentation.
I think the issue you're running into is that the Cloud Service Publish Wizard in VS only supports subscriptions in which you are an admin or co-admin granted via via the old portal (manage.windowsazure.com). If you've been given access via RBAC or the new portal, then VS will not see the resources under those subscriptions.
To work around it, you can build the package using msbuild.exe and then upload it via the portal.
That help?
Cloud services are not available in this subscription
The error is caused because the Cloud Services still use the old deployment model that is based on Azure Service Management (ASM).
To deploy an ASM based component to Azure you need to be ‘co-admin’ for the subscription.
Right now you are ‘Owner’ on the new portal but this role only has impact on the new ARM based resources.
So, just ask your subscription admin to login to the old portal (https://manage.windowsazure.com) and make you co-administrator:
Login to the old portal
Click on Settings –> Administrators
Click on the Add button at the bottom
Enter the co-admin email address and click on the OK button.
After this reload your Visual Studio and the problem will be solved.
I have an Windows Azure Subscription when the administrator has a Microsoft Account.
This account has a Default active directory and I need to configure my Office365 domain to authenticate my applications with corporate accounts.
I cant remove the default directory.
Thank you
The management portal will not let you do what you are asking. It will not let you associate your Azure account with an existing Windows Azure Active Directory (WAAD) instance, and manage it through the Azure portal. You can, however, still use your Office365 instance of WAAD to as an identity provider through Azure Access Control Service (ACS). For a good starting place on using ACS for adding claims based authentication to your web application look here. For instructions on how to provision a WAAD tenant as an IdP for ACS look here.