I am trying to create Azure Key vault via Portal. While I'm selecting create a keyvault option in Azure Portal, I am getting error like below on Basics tab:
enter image description here
I am the Global Admin of my account. It's saying the resource group is read-only. How to change it?
How to get rid of this error? Can anyone help me out?
The error usually occurs if read-only lock on your resource group is enabled.
To resolve the error, you need to delete the lock, but it requires Owner or User Access Administrator roles.
As you already have Global Admin role, you can elevate the access by enabling the option like below:
Go to Azure Portal -> Azure Active Directory -> Properties -> Access management for Azure resources -> Yes -> Save
After elevating the access, you can delete the lock like below:
Go to Azure Portal -> Resource Groups -> Your Resource Group -> Locks
After deleting the locks, you will be able to create Key vault successfully.
Related
I am running Azure DevOps Server 2019 cu7. When I click on the Access Levels link at the Project Collection level, I get a page not found error for ../_admin/_licenses. I then upgraded my development farm to ADO Server 2020, and still have the same issue.
The app pool accounts are both System and I have added the System account to the iis_iusrs group.
Also, i get a page not found error when trying to hit the/_api/licenses/export api to try to get around the page not found error when using a browser.
It seems that you do not have the permission Edit Instance-level information
Steps:
Open Azure DevOps Server Administration Console->click the option Application Tier->click the button Administer Security->select [Team Foundation]\Team Foundation Valid Users and ensure the permission Edit instance-level information is set the allow. Then we could check the Access Levels page.
Result:
The permission is set to Deny
The permission is set to Allow
I'm currently trying implement an app to read calendars only for a group that's permitted to the app. The idea behind this is that when I want to add a another calendar all I'd have to do is add the object to a specific o365 group. I'm taking the application approach over delegation that way I don't have anything actually logging in to utilize the app. Ultimately I'd like to stay away from any of the *.All permissions for security reasons.
Steps taken :
- created o365 group
- added resource objects and one user service account (just for testing) to the group
- registered app
- generated secret
- assigned group to the app
- granted admin consent to groups.selected via the azure portal
When I run a GET for group/{id}/members :
{'error': {'code': 'Authorization_RequestDenied', 'message': 'Insufficient privileges to complete the operation.', 'innerError': {'request-id': '473410a8-4db4-49d6-8d2c-92b9fbd4edb1', 'date': '2020-03-05T14:59:28'}}}
As per the docs
https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http
If you are using Application permissions to Get Members for a group. you will need User.Read.All, Group.Read.All, Directory.Read.All.
The usual issue is not granting that permissions to the application in Portal.azure.com and admin consenting it.
If you're confident with that. Then I'd eliminate your code as being the issue by using something like postman with your app id and client secret. We have a sample Postman collection here https://learn.microsoft.com/en-us/graph/use-postman . for delegated permissions you can use our Graph Explorer playground.
MS docs says:
Note: This permission is exposed in the Azure portal for a feature that is not available for general use. Do not use this permission as it is subject to change.
https://learn.microsoft.com/en-us/graph/permissions-reference
I am writing a .Net Core 2.0 MVC-like app where users log in and then do such operations on an AAD B2C tenant such as add new user, edit user, delete user etc.
Listing and adding users was pretty easy to do, but now when I try to remove certain users, I get a 403 Forbidden error. I'm assuming it's because I missed permissions somewhere, but I don't really know where.
I have enabled literally ALL possible App permissions in my AAD B2C Tenant b2c-extensions-app and most of the ones that sound right (30 app+30 delegated) in apps.dev.microsoft.com. I added the account I log in to test to owner list, too. Any clues on why I keep getting those errors would be much appreciated. What are the things I could have missed?
// I found out that to delete users, Directory.AccessAsUser.All is required. I already have it in delegated permissions but I keep getting the same error.
// Yes, I did add myself as owner to b2c-extensions-app and I also added literally every possible permission to it. Windows Azure Active Directory has 7+9, Microsoft Graph has 37+78.
// Okay it seems that the same error occurs when I try to edit a user's password (or any contents, really), too.
Did you setup your permissions through Azure portal or PowerShell?
Delete permissions for a B2C application must be created using PowerShell.
You can find instructions on this page of Microsoft Docs, under the section 'Configure delete permissions for your application'.
Let me know if it helped!
I'm having troubles trying to add Azure Resource Manager Service Endpoint in TFS 2017. When i enter the required data and click on "Verify Connection" I can see the verified
when I click OK button , I get the following error
Does anyone have any idea how to fix it?
First double check if you have followed below tutorials to create this service Endpoint:
How to Setup an Azure Resource Manager Endpoint
Creating an Azure Resource Manager Service Endpoint
Such as make sure you have gave the service principal access to create resources in your subscription.
Click Browse and select Subscriptions
Select the subscription you are using
Click the Access button
Click Add
Select Contributor as the roll
Search and select the name of the application you just created
Click OK to grant the service principal access to your subscription
For more troubleshooting, please take a look at this link-- How to: Troubleshoot Azure Resource Manager service endpoints
Update from OP
Issue fixed by Upgrade to TFS2017 update1.
I just installed TFS 2010. When I go to machine-name:8080/tfs on my web browser it asks for a user name and password. What is the standard user name and password? How do I set this?
It should accept all username/password combinations which are valid on the machine running TFS.
There is no default password thing. (could be that default installation only allows administrative login)
See MSDN for further information on configuring TFS 2010:
http://msdn.microsoft.com/en-us/library/ms252477.aspx
In My case it was all about firewall configuration, let me tell you what I was dealing with:
I checked out windows firewall and I saw that there was an exception for TFS But it was not enough, why? See following image:
As you can see, TFS has been excepted but not for Public
So you can tick the check box for Public or you can change your network location from Public to Home or Work, go to: Control Panel > Network and Sharing Center
Change Your network Location
Now you can simply use those Windows accounts you have and it will be accepted definitely.
Overview: What was default Username and Password again?
Assumption: You are using TFS in local network, Your own server your own client!
Short answer: As a simplest method, you should create a windows account, introduce it in TFS to grant permissions, then you can login by that account from wherever in your local network.
Long Answer:
Step1: Create one or more windows account(s), to do that, go to control panel -> User accounts -> manage another account (Create another account while you can use the account you already have) -> Create a new account ->Give it a name
Probably you may need to select administrator
Then select created account -> Create a password
Step 2:
Go to Web Portal for VS TFS 2015, click on team members (or click on the gear icon in the above bar, and go to security tab) Add -> Add windows user or group -> Browse for account you already created or simply type it to add it.
Step 3:
Go to web portal for Visual Studio Team Foundation Server 2015, through web browser by some address like http://user-pc:8080/tfs (which you can find it in your VS or TFS) just like
then you encounter a dialog box which asks you for username and password, give the credential it asks based on windows account you have created, if everything is OK and no problem with firewall it's done.
Finally:
You might see multiple users in windows welcome screen which seems annoying, to prevent windows from showing them in the welcome screen
Go to Computer -> Manage -> Local Users and Groups -> Users
double click on each one of them and remove their member of data (which is set to Users by default)
Thanks to THIS
There is none. Log in as admin on the machine. Then create a new project group etc. Define admins there (Domain integrated). Their usernames / paswords will work then.