I have two businesses and each has an Azure subscription. I'm an admin for each using my same MS email account.
Bill is only involved in one of the subscriptions, but when I log into my subscription "Local Happenings" (to which Bill should have no access) I still see his email address in the URL.
This picture shows it better:
https://db.tt/kvuccFOO
I'm wondering why this is, and if it could potentially be a problem.
My fear is that if he decides to cancel his business's account, then he will cancel mine or something.
I tried again to create a new subscription to verify I wasn't already logged into his subscription (I used a different browser), but it still shows his email address in the URL.
Anyone have any ideas?
UPDATE 1:
https://db.tt/QHJrfIno
I see that my subscription is under his "default directory". I never selected this when creating my subscription. How do I change this, and is it the culprit?
What shows under the "Active Directory" tab in the management portal for each Subscription? When you say "MS email account" is that an old hotmail-type account or one registered via Office 365 or Azure?
The fact that the account showing in the URL has #XXX.onmicrosoft.com address suggests there is a link back to an Azure Active Directory (AAD) instance. If this is shared between the subscriptions (potentially as a login from it was used to create on of the subscriptions) then this would be the cause.
You need to make sure a non-AAD account is an admin on the subscription so that removal of an associated Azure AD instance will not orphan the subscription.
Have a read of the AAD documentation here for more information: http://msdn.microsoft.com/library/azure/dn629581.aspx
Related
I used personal e-mail as “Microsoft Identity” to sign-up for Azure Free Trial. My expectation is my e-mail ID is the root login for my account and associated identity is the root owner, and I think that was the case initially. Later, I deployed an Azure AD Tenant with a different name, turns out a bizarre pseudo-e-mail ID (UPN) became root owner of my parent account which I don’t have access for. Now I can’t delete subscriptions or the unwanted UPN. How can I reset my account to start from clean slate? One way is to use a different e-mail ID and get started with new account. I am wondering if some one can provide steps to perform clean-up and restart with same old e-mail ID / identity as root owner. Azure support plans start # $29.00/month and I am trying to avoid that.
Another symptom, I can't cancel supscription. It asks me to use contact owner, and that happens to be that bizarre very long email looking UPN which I can't use for login as those credentials aren't there.
You should contact Azure Support Team and raise a subscription ticket which is free for further help.
They can help you to manage your subscription owner and credit card / billing information from the backend.
I am almost new to Azure. My client had created an Azure account and sent invitation to me. I had accepted her invitation to join her Azure portal. However when I log in with my username, it shows me "No subscription". My client is saying she has given me every access rights, but I am not able to do anything there. Even I am not sure if I have really joined her Azure portal.
Here is the image if when I tried to access Free Services.
For what i understand is that the current directory you are working in doesn't have the rights that you are expecting. And your client has added you to another subscription with all the required rights. All you need to do is switch your directory to the one which has the subscription provided by your client.
Just Click on your profile avatar(or name) on the top right of the portal.
Select the option Switch Directory form the pop-up.
And choose your concerned directory + Subscription.
I have purchased an SSL cert for my site and the cert has three steps you need to do in order to have it fully configured. The first step is "Key Vault Status" which I then click on and it shows the following error:
You do not have permission to get the service prinicipal information needed to assign a Key Vault to your certificate. Please login with an account which is either the owner of the subscription or an admin of the Active Directory to configure Key Vault settings.
This is very confusing because I am the owner of this subscription and I also went and created a new Key Vault just in case it was due to not having one created in the first place. In addition I checked the Access Control for this cert and I am also listed as Owner.
Any help is appreciated.
Ok, so I finally got to the bottom of it - I'll outline the story here as this was the solution but may not work for everyone.
When I first created my Azure account I did so under email address 1
A few years later I had migrated most of my email to email address 2. To get status updates and other things I transferred the subscription to email address 2.
Every other service has worked fine accept for this SSL issue as well as not being able to buy a support plan (it popped open an email app to send to email address 1)
In speaking with the AzureSupport twitter account they agreed that it was strange and arranged for a one time ticket for support.
The support agent asked me to check my Access Policies for the Key Vault I had created. This showed that email 1 is indeed a user in the Azure Active Direction and they mentioned that I'd need to have the admin add it. Since I had noticed the irregularities with email address 1 showing up in the URL and in the email for adding support I logged into Azure using email address 1 and went to Azure Active Directory->Users under that account.
I then selected the guest account, selected Directory Role, and added a new role of Application Administrator. Now all of it is working as expected!
My subscription was attached to employer Active Directory and I can't change my role in it.
I solve this problem by creating my own Active Directory and by moving subscription to this AD.
I am using my work email address to set up multiple Azure IaaS environments. When I log into Azure, I get asked if I want to use the "Work or School Account" or "Personal Account" - both referring to the same email address.
I don't recall setting up anything in terms of personal accounts, or linking my work email as a Microsoft Outlook.com/Hotmail/etc account.
Access to the subscription has been applied to my Personal account, not the work one.
When granting access, there's no way to pick which one you're giving access to.
Couple of questions
I've created some VMs but want them to be linked to my work account. Can I change this?
How do I unlink my work email from Personal. I want to use work just for work, and not have any confusion between the two.
See this screengrab for more information:
There are few problem with your account so lets go over them one by one.
First means that now you have 2 different accounts one it is your work account another one it is your microsoft account. You can create both of them with the same email since they are from 2 different tenants.
This is a concept important or you to understand there is something on Azure that it is over the subscription that is the tenant
Tenant
|- Subscription
|- Resource Group
|- Resource
All subscription under the same tenant have the same Authentication method, this Authentication method can be linked to an Azure Active Directory ( Office 365 subscriptions are Azure Active Directory ) So you can open a request to microsoft to transfer your subscription to your company tenant. if you do this all the resources under it will be transferred to your other authentication. You can open this ticket on the portal.
If you don't want your personal account anymore you can close it on https://account.live.com/closeaccount.aspx
Thanks to those who edited the question for me, my line-breaks didn't work by default, I'll ensure that I get it write next time. I was only allowed to post the image as an attachment being first-time poster, someone fixed that for me.
The answer from Gabriel Monteiro Nepomuceno was correct and touched on the root cause, but there's one element I didn't include in my question.
Regarding the tenant: the tenant is created under the company account of "company.com". I am a sub-contractor and was granted access to my own account at "benscompany.com". Azure support have advised that its only possible to grant access to different account via the personal account.
We have a number of Azure subscriptions with various co-administrators in our environment. To date, we have used people's Microsoft accounts to grant co-administrator rights, and of course many use their corporate [username]#[company domain] email address for these.
Some time ago, we enabled Azure directory, synchronized to our on-premise AD, where accounts have also been # - and all was good. When adding new co-admins, we simply had to choose if we wanted to use their MS account or their organizational account.
However, we're now seeing the following error when adding some users' Microsoft accounts to some subscriptions:
The Microsoft Account '[username]#[company domain]' cannot be made a co-administrator as its domain is the same as one of the Verified Domains of the target subscription's directory.
Has anyone else seen this - is it an intentional change in behaviour? It seems somewhat inconsistent...
i had the same issue, then I used the new preview portal and it worked.
try it out
According to Microsoft support, this change in behavior is intentional.
(Since posting the question, they have also sent email notifications that any co-admins with Microsoft accounts outside of the Azure Directory will be added as guest accounts in the subscription's directory.)