does not have authorization to perform action 'Microsoft.Management/managementGroups/read'

by XDK 25. October 2019 16:02

Exception:

PS C:\WINDOWS\system32> Get-AzManagementGroup -GroupName XDK_Organisation_Root

Get-AzManagementGroup : The client 'live.com#XXXXXX@XXXXXX.com' with object id '51bf3892'
does not have authorization to perform action 'Microsoft.Management/managementGroups/read' over scope
'/providers/Microsoft.Management/managementGroups/XDK_Organisation_Root' or the scope is invalid. If access was recently
granted, please refresh your credentials.
At line:1 char:1
+ Get-AzManagementGroup -GroupName XDK_Organisation_Root
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzManagementGroup], CloudException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Resources.ManagementGroups.GetAzureRmManagementGroup

Solution:

The Global Administrator account in Azure AD might not have access to all subscriptions and management groups in the directory. The solution is to elevate the global administrator account in Azure AD to access all subscriptions and management groups.

Azure portal --> Home --> Azure Active Directory --> Properties --> Select "Yes" --> Save.
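The same elevation can be scripted, audited and reversed from PowerShell. This is an added example, not code from the original post; it assumes the Az PowerShell module and a session signed in as a Global Administrator, and the sign-in name is a placeholder. Elevation grants User Access Administrator at root scope (/), so the example also lists who holds assignments there and removes the elevation once the work is done.

```powershell
# Added example (not from the original post).
# Assumes Az.Accounts and Az.Resources are installed and the session is
# signed in as a Global Administrator.
$admin = 'admin@example.com'   # placeholder sign-in name

# 1. Elevate access. This grants the caller User Access Administrator
#    at root scope "/", which covers all subscriptions and management groups.
$path = '/providers/Microsoft.Authorization/elevateAccess?api-version=2016-07-01'
$resp = Invoke-AzRestMethod -Method POST -Path $path
if ($resp.StatusCode -ne 200) {
    throw "elevateAccess failed with HTTP $($resp.StatusCode): $($resp.Content)"
}

# 2. Refresh credentials so the new assignment is reflected in the token,
#    as the error message advises.
Disconnect-AzAccount | Out-Null
Connect-AzAccount | Out-Null

# 3. The call from the post should now succeed.
Get-AzManagementGroup -GroupName 'XDK_Organisation_Root'

# 4. Audit: every principal that holds a role assignment at root scope.
Get-AzRoleAssignment |
    Where-Object { $_.Scope -eq '/' } |
    Select-Object SignInName, DisplayName, ObjectType, RoleDefinitionName

# 5. Remove the elevation when it is no longer needed, so the account does
#    not keep standing access to every subscription in the directory.
Remove-AzRoleAssignment -SignInName $admin `
    -RoleDefinitionName 'User Access Administrator' -Scope '/'
```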


How to join and register iOS device (iPhone) with Azure AD?

by XDK 12. October 2019 00:49

Explanation:
Go to HOME --> Azure Active Directory --> Devices --> Device settings.

Open Apple Safari and navigate to Azure Active Directory Device Registration service Over-the-Air Profile endpoint for iOS devices.
https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/<yourdomainname>

Where <yourdomainname> is the domain name that you have configured with Azure Active Directory.

https://enterpriseregistration.windows.net/enrollmentserver/otaprofile/xavierdilipkumar.com

Open Apple Safari and navigate to the Device Registration Service (DRS) Over-the-Air Profile endpoint for iOS devices.
https://adf1s.contoso.com/enrollmentserver/otaprofile

1. Log on to the webpage by using domain account credentials.
2. You are prompted to install a profile. On the Install Profile screen, click Install.
3. When prompted to confirm installation of the profile, click Install Now.

4. If your device requires a PIN to unlock the device, you are prompted to enter your PIN.
5. The profile installation is finished when you see the Profile Installed screen. Click Done.
6. Return to Safari. A message informs you that you can close or leave Safari.

Go to HOME --> Azure Active Directory --> Devices --> All devices

How to restrict registered apps from users in Azure AD tenant?

by XDK 12. October 2019 00:39

Explanation:

By default, applications registered in an Azure AD tenant are available to all users of the tenant who authenticate successfully.

To restrict registered apps from users in Azure AD tenant:
Go to HOME --> Azure Active Directory --> Enterprise applications --> All applications --> <select app> --> Manage - Properties --> set "User assignment required?" to Yes
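The portal setting corresponds to the appRoleAssignmentRequired property of the application's service principal. The following added example (not code from the original post) finds enterprise applications that are still open to every tenant user and locks one down; it assumes the Microsoft Graph PowerShell SDK, and the application name "Contoso Payroll" is hypothetical.

```powershell
# Added example (not from the original post).
# Assumes the Microsoft.Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes 'Application.ReadWrite.All' | Out-Null

# Audit: enterprise applications that any authenticated tenant user can use.
# The tag below is the one carried by entries in the Enterprise applications list.
Get-MgServicePrincipal -All |
    Where-Object {
        $_.Tags -contains 'WindowsAzureActiveDirectoryIntegratedApp' -and
        -not $_.AppRoleAssignmentRequired
    } |
    Select-Object DisplayName, AppId, Id

# Pick the application to restrict (hypothetical display name).
$sp = @(Get-MgServicePrincipal -Filter "displayName eq 'Contoso Payroll'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one matching service principal, found $($sp.Count)."
}
$sp = $sp[0]

# Before enabling the restriction, list who is already assigned. Users and
# groups missing from this list lose access as soon as the flag is set.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, AppRoleId

# Equivalent of setting "User assignment required?" to Yes in the portal.
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true

# Confirm the change took effect.
(Get-MgServicePrincipal -ServicePrincipalId $sp.Id).AppRoleAssignmentRequired
```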


How to add custom domain to Azure Active Directory?

by XDK 12. October 2019 00:10

Explanation:

Go to HOME --> Azure Active Directory --> Custom domain names --> Add custom domain --> Enter your custom domain name --> Add domain

To use xavierdilipkumar.com with Azure AD, create a new TXT record with your domain name registrar using the information shown on the screen.

Click Verify
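Verification fails until the TXT record is visible to public resolvers, so it helps to check before clicking Verify. This added example (not from the original post) queries two public resolvers for the record; the function name is hypothetical and the expected value is a placeholder for the string shown in the portal.

```powershell
# Added example (not from the original post).
# Uses Resolve-DnsName from the Windows DnsClient module.
function Test-DomainVerificationTxt {
    param(
        [Parameter(Mandatory)] [string]   $Domain,
        [Parameter(Mandatory)] [string]   $ExpectedValue,
        [string[]] $Resolvers = @('8.8.8.8', '1.1.1.1')
    )
    foreach ($resolver in $Resolvers) {
        # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers are considered.
        $answers = Resolve-DnsName -Name $Domain -Type TXT -Server $resolver `
            -DnsOnly -ErrorAction SilentlyContinue

        # A TXT record can hold several strings; flatten them all.
        $values = @($answers |
            Where-Object { $_.Type -eq 'TXT' } |
            ForEach-Object { $_.Strings })

        [pscustomobject]@{
            Resolver  = $resolver
            Found     = $values -contains $ExpectedValue
            TxtValues = $values -join '; '
        }
    }
}

# Placeholder value: copy the exact TXT string shown on the portal screen.
Test-DomainVerificationTxt -Domain 'xavierdilipkumar.com' `
    -ExpectedValue '<TXT value shown in the portal>'
```

If Found is False on any resolver, the record has not propagated yet or was entered with different text than the portal supplied.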

What is the difference between Managed and Federated domains in hybrid mode?

by XDK 11. October 2019 23:53

Explanation:

Managed domain is the normal domain in Azure AD and can be deployed either through "Password Hash Sync" or "Pass Through Authentication" with Single Sign On.

Federated domain is used for Active Directory Federation Services (ADFS). The federation trust will make sure that the accounts in the on-premises Active Directory are trusted for use with the accounts in Azure AD with Single Sign On.

Deployed through WS-Fed and WS-Trust:
WS-Fed: This protocol is required to join a device to Azure AD.
WS-Trust: This protocol is required to sign in to an Azure AD joined device.


About the author

My name is Xavier Dilip Kumar Jayaraj having 16+ years of IT experience which includes solid experience and in-depth knowledge in Application Life Cycle Management, Configuration Management, Implementation and Support using TFS on-premises and Azure DevOps. I have invested in gaining DevOps knowledge and expertise with Cloud Computing providers, namely Microsoft Azure and Amazon Web Services, in recent years. I am very positive to learn and adapt emerging technologies to client’s environment.


Disclaimer

The information provided here is based on my experiences, troubleshooting and online/offline findings. It can be used as is at your own risk without any warranties and I impose no rights.