Azure Resource Manager Deployments
7 Topics

Can a global administrator of an Azure AD tenant access another tenant that it did not create?
Let's say there are two global administrators in an Azure AD tenant called original.org. Admin 1 and Admin 2 are global administrators in original.org. Admin 1 creates a new Azure AD tenant called dev.org,... Does Admin 2 have any ability to create users in dev.org? I am confused because a global admin can give themselves the User Access Administrator role and make themselves owners,... Can this owner not have access to any new tenant created from the root tenant? This seems to conflict with the understanding that a global administrator who creates a new Azure AD tenant is the first user, and other users such as Admin 2 would have to be invited?

Microsoft Monitoring Agent being reinstalled by Automanage
As MMA (Microsoft Monitoring Agent) will be retired in August 2024, I decided to go to AMA (Azure Monitoring Agent) right away, even though it is known that some of its functionalities are still in preview. So I uninstalled MMA via the script below (with a foreach targeting all my machines); I also assigned Azure policies to not have MMA installed in my environment, and all the policies for self-configuring AMA (DCRs, Workspaces, etc.).

    # Look up the installed MMA product through WMI and call its Uninstall method
    $app = Get-WmiObject -ClassName Win32_Product | Where-Object { $_.Name -eq "Microsoft Monitoring Agent" }
    $app.Uninstall()

Problem is my machines were reinstalling MMA out of the blue. So I went all the way down to hunt the culprit: GPO, SCCM, scripts, you name it. I finally found out Azure Automanage was the one reinstalling MMA, so I had to disable it in my environment. Are any of you aware of this issue? Most important: is there a way to have Automanage working without reinstalling MMA? In my case Automanage helps a lot, as I don't need to apply lots and lots of settings manually, but as it is reinstalling MMA I cannot enable it.

Teams Provisioning with Access Review (Solved)
Hi Techies, I am exploring possibilities for app development, as I have a case where users can provision specific Teams that require an Azure Access Review. I know automated Teams provisioning, but I haven't encountered automated Access Review creation as part of Teams provisioning. Anyone got tips or a reference?

How to apply a policy initiative in Azure
Hello Mighty Wizards, I am trying to assign an Azure Policy Initiative via PowerShell.

Step 1:

    New-AzPolicySetDefinition -Name 'DATABASE_OPEN_SOURCE_ID' -ManagementGroupName MGname -DisplayName 'DATABASES OPEN SOURCE' -PolicyDefinition "C:\path\initiatives\DATABASES_-_OPEN_SOURCE\policyset1.json"

Note: policyset1.json comes from exporting the initiative definition and assignment to GitHub.

Error:

    New-AzPolicySetDefinition : InvalidRequestContent : The request content was invalid and could not be deserialized: 'Could not find member 'properties' on object of type 'PolicyDefinitionReference'. Path 'properties.policyDefinitions[0].properties', line 7, position 21.'. CorrelationId: f01ee272-73c1-43b7-99fc-51a67650463a
    At line:1 char:1
    + New-AzPolicySetDefinition -Name 'DATABASE_OPEN_SOURCE_ID' -Management ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : CloseError: (:) [New-AzPolicySetDefinition], ErrorResponseMessageException
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzurePolicySetDefinitionCmdlet

First question: how does this file have to be formatted? Can you give me an example? Second question: how do I assign this definition? With New-AzPolicyAssignment? Thank you in advance for your reply.
giuseppe

Audit Linux machines that have accounts without passwords - usernames with periods
Hi All, I hope this is the right place to ask this. This recommendation has shown up in Defender for Cloud in the last few weeks. Having checked that all our accounts have passwords, I took a look at the script this test is running; it appears it is failing because our usernames have "." in them. I wanted to prove this was the case, so I temporarily updated the regex in the script from

    '^(?<username>[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$))'

to

    '^(?<username>[a-z_]([\.a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}\$))'

and the tests pass against our configuration. After a bit of research it seems that it depends on the Linux distribution as to which characters are allowed, but the POSIX specification allows for the period in the name. Also, the Azure portal doesn't allow periods, but deploying via an ARM template does (the latter being what we are doing). I can remove the period from most of our usernames, the exception being the main admin account, which was created by the Azure processes. I've not been able to find a means to change this. If I update the ARM template, it tells me this option can't be changed. Any recommendations would be great: either an update to the policy script to allow for periods, as this is allowable on some Linux distributions, or a means to change the admin username that is supplied in the ARM template. Thanks in advance
Paul

How do I implement SQL Server under HIPAA compliance using Azure policies/initiatives?
I assigned HIPAA/HITRUST to a particular RG in my subscription and created a SQL server under it. After creating the SQL server, it shows the following output. And also, where do I ensure that whatever resource I deploy is HIPAA compliant? Is there any audit to fulfill this scenario?

Is Azure Policy applied top-down? I am applying it in a MgmtGroup where it has a Sub but no go.
I am trying to apply Azure Policy in a Management Group but no go. I tried in the subscription and it works fine. I thought you could apply policy at the MgmtGroup level and the subscription would inherit the policy (top down). Can anyone provide clarification on this? My structure is like this:

    MgmtGroup1 (AzPolicy - allowed location)
    |___ Subscription1
    MgmtGroup2 (AzPolicy - allowed location)
    |___ Subscription2