I'm a developer that has an Azure account for my own dev stuff. I log into my dev account using me#hotmail.com.
Next, I set up a client with their own Azure account, then invited myself via me#hotmail.com and set myself as a co-administrator for the client's subscription. When I subsequently log into Azure using me#hotmail.com, I only see my own subscriptions/resources, etc.
Is there a way that I can log into Azure, using me#hotmail.com, and have access to both my dev stuff as well as my client's subscription from within the portal (specifically portal.azure.com).
Not sure if this is supported or if I'm doing something wrong. Thanks
You can only view subscriptions for a single directory at a time.
If you click your name in the top right corner of the portal you can select which directory you want to work from.
There is a suggestion on the Azure feedback site to add the ability to view subscriptions from all directories: http://feedback.azure.com/forums/223579-azure-preview-portal/suggestions/4761959-manage-subscriptions-across-all-available-director
Related
My team already has a working Azure DevOps account. I would like to start an Azure subscription / Active Directory to begin linking our DevOps to App Services and other Azure products.
However, any time I click on a link to get started with Azure, I am met with a perplexing paradox trying to log in.
First I'm told that I can't log in because my MS account isn't found:
But if I try to "Create one!" or "get a new Microsoft account", I'm told it already exists:
I've taken out the email address being used, but I've confirmed they are the same between the two screens (I'm not even typing anything; all I'm doing is clicking "Next" on each screen).
I know that this MS account is valid. It's the same one I use to sign in with Azure DevOps and many other MS services. I'm not sure why I can't log in to the Azure set up platform. And there doesn't seem to be any kind of support options with Azure before you become a subscriber, so I thought I'd try my luck posting the issue here.
Thanks for any help!
You can connect your Azure DevOps organization to Azure Active Directory (Azure AD). Kindly checkout this document - About accessing your organization via Azure AD
Just to clarify, I hope you are an administrator on the subscription.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
When your sign-in address is shared by your personal Microsoft account and by your work account or school account, but your selected identity doesn't have access, you can't sign in. Although both identities use the same sign-in address, they're separate: they have different profiles, security settings, and permissions.
Sign out completely from Azure DevOps by completing the following steps.
Closing your browser might not sign you out completely.
Sign in again and select your other identity.
https://learn.microsoft.com/azure/devops/organizations/accounts/faq-azure-access?view=azure-devops
To connect your organization to Azure AD.
Sign in to your organization, https://dev.azure.com/{yourorganization}).
Select gear icon > Organization settings.
Select Azure Active Directory, and then select Connect directory.
Ive created a website in Azure and I want to allow users to login and use the app, but im slightly confused by azure active directory access. I want users to only have acces to the web app, not to the portal. Users will be from within my organisation and from outside it so its vitally important that access is locked down, If a user somehow ends up at the azure portal they must not be able to access it. If I set users up in our active directory, wont they be able to login to the azure portal too ? I want to take advantage of authentication as a service and hand over authentication and multi factor authentication to azure but everytjhing Ive read so far seems to suggest If i use azure active directory, users will be able to acess the Azure portal too, is this correct or am i misinterpreting the information ? Are there any step by step guides available for these sorts of scenarios ?
If i use azure active directory, users will be able to acess the Azure
portal too, is this correct or am i misinterpreting the information ?
No, your users will not have access to Azure Portal (rather Azure Subscription as Azure Portal is an application using which a user manages one or more Azure Subscriptions) unless you grant them permission to access it. In order for your users to have access to Azure Portal, you would need to grant them permissions explicitly to do so. In the new portal, you do it by assigning roles (e.g. Owner, Contributor, Reader etc.) and in the old portal you do it by making them co-administrators.
Unless you do this, when they login into Azure Portal all they will see is a message stating no Azure Subscriptions were found.
I've set up Azure AD authentication on a existing web app and that works ok.
I then want to add "Users in partner companies" via CSV upload. But the account I use to administer Azure is my company account so the option is not available.
So I then created a APPNAME.onmicrosoft.com account.
But when I log in to the portal with that, it's not linked to any subscriptions so obviously it can't add any users to the AD.
And I can't add the user to the subscription as they are not recognised.
I appreciate I'm probably missing/misunderstanding something fundamental but can anyone explain what I need to do to be able to enable B2B collaboration?
If you look at your list of subscriptions is APPNAME.onmicrosoft.com the default directory for any subscription? You currently can't do B2B invites unless it is the default directory for some Azure subscription and unless you pick APPNAME.onmicrosoft.com from the drop down in the top right of the portal. We have had to create a new empty Azure subscription with APPNAME.onmicrosoft.com as the default directory and make the B2B a subscription admin.
Now in order to switch the default directory of the subscription my recollection is that you have to be logged in with a Microsoft account (LiveID) rather than an organizational account.
I am unable to view any services in my azure portal. A couple of days back everything was visible.
I think there's some permissions issue. I am logging as Global Admin on the portal.
[UPDATE]: I was trying to publish a web application from visual studio to my azure account and when I select my account, it says "There are no Azure subscriptions associated with this account". Is it that my account is suspended or deactivated or so?
You are signed in to the classic portal with an AAD subscription. These subscriptions don't support using other services. You might be signed in to the wrong directory. Use the "Subscriptions" menu at the top to switch. If you don't have that, you could also be signed in to the wrong account. Some people have used "work/school" (AAD) email addresses to sign up for a "personal" (Microsoft Account) account. If that happens, you'll see a prompt to pick one of the two when you sign in. If you don't see your subscription, it may be assigned to the personal/MSA account. You can grant access to the other one to avoid this.
I joined to Windows Azure Active Directory beta trial when http://activedirectory.windowsazure.com was initially launched.
At initial process, site forced me to use a new LIVE account instead of the one I already have which is myname#live.com and also controls all my Azure services. Anyway, I did create a new one as myname#mycompany.com
Next, I did be able to create the active directory domain as mycompany#onmicrosoft.com and added my mycompany.com domain as secondary domain.
While ago, Active Directory tab appeared in Azure control panel and it came empty. So I assumed it needs to be link somehow but couldn't find anything about it.
After that, I tried to create a new domain but when I type mycompany into the name field of the create a directory page, it says "This domain is not unique" which is predictable since other live account holds the name.
Tried to delete entire account but didn't work. Also in here says :
"The original contoso.onmicrosoft.com domain name that was provided for your tenant when you signed up cannot be removed from your tenant."
Since I'm the owner of the both account, I would like to move (or re-create etc.) mycompany#onmicrosoft.com under my actual Azure account which is myname#live.com.
Please advise. Thank you!
I didn't realize you had an existing subscription you were looking to work wit. So what you are seeing is expected behavior as there is no subscription associated with your Azure AD account.
We are propping an update this weekend and Monday that will help you here. On Tuesday morning, do the following:
Log into Azure using your Azure AD account.
It will tell you that you have no subscription - set up a 90 day trial subscription - you will not be charged anything for this.
Click onto Active Directory tab in the Azure Portal.
Add a new user - and select to add a user with a Microsoft Account - specify the account that is the administrator of your Windows Azure subscription and make them a "global administrator".
Log off
Log in to Azure portal using the same Microsoft Account that you just added.
Go into Settings.
Click on administrators tab
Select your Azure Subscription
Click "add" in the tray at the bottom
Now add the Azure AD user account you would like to have be a co-admin on your Azure subscription.
That should do it. Now when you log in using your Windows Azure Account you'll be able to administer your Azure subscription.
Just a reminder - try this on Tuesday morning! We will have the update propped by then.
You can make this work though by creating a new 90 trial subscription - you do this on the page where you are being told there are no subscriptions associated with your account.
You need to log into Azure using your myname#mycompany.com account (the Windows Azure Active directory account you created).
To do that, go to the Azure Management portal - if you are already logged in using a Microsoft Account (formerly LiveID) you will need to log-out first - Then the left hand side of the login page you should see a link that says "Office 365 users: Sign in using your organizational account".
Click on that link, and now log into the Azure portal using your Azure AD Account (myname#mycompany.com). Once you do that, you should see your Windows Azure AD tenant in the Active Directory tab in the portal.